From owner-freebsd-arch  Sat Sep  2 14:58:54 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9C60D37B422; Sat,  2 Sep 2000 14:58:51 -0700 (PDT)
Received: from strontium.scientia.demon.co.uk ([192.168.91.36] ident=root)
	by scientia.demon.co.uk with esmtp (Exim 3.16 #1)
	id 13VLJJ-000CAZ-00; Sat, 02 Sep 2000 22:58:49 +0100
Received: (from ben@localhost)
	by strontium.scientia.demon.co.uk (8.9.3/8.9.3) id WAA18412;
	Sat, 2 Sep 2000 22:58:49 +0100 (BST)
	(envelope-from ben)
Date: Sat, 2 Sep 2000 22:58:49 +0100
From: Ben Smithurst <ben@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: arch@FreeBSD.ORG
Subject: Re: setuid ssh should die (Re: Request for review: nsswitch)
Message-ID: <20000902225849.R72445@strontium.scientia.demon.co.uk>
References: <20000902155701.C1263@hamlet.nectar.com> <Pine.NEB.3.96L.1000902174123.60028C-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.NEB.3.96L.1000902174123.60028C-100000@fledge.watson.org>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Robert Watson wrote:

> Instead, either perform the open() directly to check, or make use of the
> access() syscall.

Would this be the same access() whose manual page clearly says:

CAVEAT
     Access() is a potential security hole and should never be used.

-- 
Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message