From owner-freebsd-questions Sat Mar 31 8:15:57 2001
Date: Sat, 31 Mar 2001 18:15:25 +0200 (CEST)
From: Paul Herman
To: Edwin Groothuis
Cc: Bill Moran
Subject: Re: access() system call
In-Reply-To: <20010331165151.J490@cgmd76206.chello.nl>

On Sat, 31 Mar 2001, Edwin Groothuis wrote:

> > 2. Is there any more information on why access() is such a terrible
> > security hole?
>
> I'm also wondering about it.

Just a hunch, but maybe because of a possible race condition between
checking for a file's existence and opening it for use. fstat(2) is
already passed an open file descriptor so you get the real McCoy.

The stat(2) and access(2) system calls look as if they do pretty much
the same to me, perhaps stat(2) should also carry such a warning in the
manpage?

-Paul.
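The distinction drawn in the reply above, as an added example that is not part of the original message: a path-based check followed by open(2) beside the open-then-fstat(2) form, plus a constructed demo showing that a name and an already-open descriptor can stop referring to the same file. The function names, the temporary file names and the "regular file owned by the caller" policy are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fragile: check and open are two separate lookups of the same name. */
int open_after_access(const char *path) {
    if (access(path, R_OK) != 0) return -1;
    return open(path, O_RDONLY);            /* second, independent lookup */
}

/* Sturdier: open first, then check the descriptor with fstat(2), so every
 * check describes the object that will actually be read. */
int open_then_fstat(const char *path, uid_t owner) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if path still names the file behind fd, 0 if not, -1 on error. */
int path_matches_fd(const char *path, int fd) {
    struct stat by_path, by_fd;
    if (stat(path, &by_path) != 0 || fstat(fd, &by_fd) != 0) return -1;
    return by_path.st_dev == by_fd.st_dev && by_path.st_ino == by_fd.st_ino;
}

/* Constructed demo: open a temp file, rename another file over its name,
 * then ask whether path and descriptor still agree (expected result: 0). */
int demo_rebind(void) {
    char a[] = "/tmp/accessdemo_a_XXXXXX", b[] = "/tmp/accessdemo_b_XXXXXX";
    int fa = mkstemp(a), fb = mkstemp(b);
    if (fa < 0 || fb < 0) return -1;
    close(fa); close(fb);
    int fd = open_then_fstat(a, geteuid());
    if (fd < 0) return -1;
    int before = path_matches_fd(a, fd);
    if (rename(b, a) != 0) return -1;       /* the name now points elsewhere */
    int after = path_matches_fd(a, fd);
    close(fd); unlink(a);
    return before == 1 ? after : -1;
}
int main(void) { printf("path matches fd after rename: %d\n", demo_rebind()); return 0; }
```

Checks made through the descriptor stay bound to the opened file whatever happens to the name afterwards, which is why the same caution applies to any decision taken from stat(2) or access(2) on a path before a later open.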