Date: Mon, 31 May 1999 15:17:45 +1000 From: Bruce Evans <bde@zeta.org.au> To: aron@cs.rice.edu, freebsd-bugs@freebsd.org Cc: dawes@freebsd.org Subject: Re: kern/11915: access system call says file is readable when its not Message-ID: <199905310517.PAA01594@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
> As for how I ran into this. Well, it seems XOpenDisplay() library call > in X11 uses access() to determine whether it can read a user's > .Xauthority file. If so, then XOpenDisplay() is a potential security hole and should never be used :-). See access.2. > My home directory is NFS mounted on my > desktop machine and the NFS server maps the "root" of my machine into > "nobody". So setuid programs (like xterm and Eterm) have a potential > problem - they run with the effective userid of > root and when they try to open my .Xauthority file, the NFS server > refuses access. For this reason, Eterm temporarily swaps the real userid > and effective userid (thus real userid becomes root and effective userid > becomes my user id) before issuing XOpenDisplay(). However, because of > thie problem with access() even this fails. I use the same (NFS) configuration. xterm seems to handle it correctly. Eterm's difficulties show how hard it is to use access(). The usual trick of swapping the ids is perfectly wrong if access() gets called. However, the euid must be changed to the ruid for fopen(). > For these reasons, I'll argue that access() should behave similarly to > the fopen() calls. This is not an option. POSIX.1 and about 25 years of tradition specify that access() shall behave unsimilarly to fopen(). Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905310517.PAA01594>