Date: Thu, 02 Jul 1998 19:20:55 -0500 From: Jon Hamilton <hamilton@pobox.com> To: joelh@gnu.org Cc: freebsd-questions@FreeBSD.ORG Subject: Re: access(2) security issues Message-ID: <199807030022.RAA04793@hub.freebsd.org> In-Reply-To: Your message of "Thu, 02 Jul 1998 16:34:17 CDT." <199807022134.QAA06871@detlev.UUCP>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199807022134.QAA06871@detlev.UUCP>, Joel Ray Holveck wrote: } I see in access(2): } } CAVEAT } Access() is a potential security hole and should never be used. } } I'm presently changing the file operations on a program that uses } access, and one module operates suid root. What do I need to concern } myself with? I didn't see anything in the CVS logs or mailing } archives. It's not a problem with access() per se, but the information you get back from it is largely useless, unless you just want to print out a diagnostic or somesuch. The problem with trusting access() is that there's a race condition between the time it tells you what you want to hear, and the time you wander out and try to open() the file (for example). Since you have to check the return status on open() anyway, you're better off just trying to open() the file in the first place, and base your error recovery on the results of that. -- Jon Hamilton hamilton@pobox.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807030022.RAA04793>