Date: Mon, 30 Jul 2001 21:00:33 +0300 From: Peter Pentchev <roam@orbitel.bg> To: Yar Tikhiy <yar@FreeBSD.ORG> Cc: Mike Barcroft <mike@FreeBSD.ORG>, audit@FreeBSD.ORG Subject: Re: finger(1) & fingerd(8) Message-ID: <20010730210033.A15213@ringworld.oblivion.bg> In-Reply-To: <20010730212257.C26476@comp.chem.msu.su>; from yar@FreeBSD.ORG on Mon, Jul 30, 2001 at 09:22:57PM %2B0400 References: <20010728155159.A35483@snark.rinet.ru> <20010728144554.C86837@coffee.q9media.com> <20010730212257.C26476@comp.chem.msu.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 30, 2001 at 09:22:57PM +0400, Yar Tikhiy wrote: > On Sat, Jul 28, 2001 at 02:45:54PM -0400, Mike Barcroft wrote: > > > > [...] > > > if (access(buf, F_OK) == 0) > > > return 1; > > [...] > > > > I know this isn't your code, but this should also probably use open(2) > > as well. > > First, I must have missed something, but why is access(2) > a bad thing at this particular point? I think there have been some grumblings about access(2) in general, and some other grumblings about programs trying to second-guess the kernel in determining access permissions. However, that would apply more to the case where a program was e.g. testing getuid() == 0 instead of just attempting a bind() to a privileged port; in this particular case, both access(2) and open(2) are system calls which should have the same idea about permissions, ACL's and such. But the first point still remains - I can't remember exactly what the grumblings about access(2) were, but I seem to remember that there *were* some. G'luck, Peter -- This sentence was in the past tense. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010730210033.A15213>