Date:      Tue, 8 Oct 2002 16:37:59 -0400
From:      The Anarcat <anarcat@anarcat.ath.cx>
To:        Fernando Schapachnik <fschapachnik@vianetworks.com.ar>
Cc:        FreeBSD Security Issues <FreeBSD-security@FreeBSD.ORG>
Subject:   Re: access() is a security hole?
Message-ID:  <20021008203759.GD309@lenny.anarcat.ath.cx>
In-Reply-To: <20021008154204.D56601@ns1.via-net-works.net.ar>
References:  <20021008183227.GC309@lenny.anarcat.ath.cx> <20021008154204.D56601@ns1.via-net-works.net.ar>

On Tue Oct 08, 2002 at 03:42:04PM -0300, Fernando Schapachnik wrote:
> In a previous message, The Anarcat wrote:
> > The access(2) manpage mentions an obscure security hole in
> > access(2). How so?
> >
> > "
> > CAVEAT
> >      Access() is a potential security hole and should never be used.
>
> It might have to do with the fact that file permissions can change
> between the access() call and the open() call. The preferred way is
> to use fstat() that takes an open fd.

Just what I thought. The man page should be more precise. The way I
read it, there is a security bug in access(2), which is not the
case.

I'll try to come up with an update to the manpage.

A.

-- 
Advertisers, not governments, are the primary censors of media content
in the United States today.
                        - C. Edwin Baker
                        http://www.ad-mad.co.uk/quotes/freespeech.htm
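
The window described in the quoted reply, and the open-then-fstat() pattern it recommends, as an added example that is not part of the original message or of FreeBSD's sources. The function names, the `between` hook, the ownership and mode policy, and the scratch files under /tmp are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Racy: the path is resolved by access() and again by open(). `between` is a
 * hypothetical hook standing in for another process acting in that window. */
static int racy_open(const char *path, void (*between)(void)) {
    if (access(path, R_OK) != 0) return -1;
    if (between) between();
    return open(path, O_RDONLY);
}

/* Preferred: open first, then fstat() the descriptor, so the checks apply to
 * the object that was opened. The policy here is an assumed example. */
static int checked_open(const char *path, uid_t owner) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) { close(fd); return -1; }
    return fd;
}

static char good[64], other[64];           /* constructed scratch paths */
static void swap_in_other(void) { rename(other, good); }
static ino_t make_file(const char *p, mode_t mode) {
    struct stat st;
    int fd = open(p, O_CREAT | O_WRONLY | O_TRUNC, 0600);
    fchmod(fd, mode); fstat(fd, &st); close(fd);
    return st.st_ino;
}

/* 1 if racy_open() returned a file other than the one access() examined and
 * checked_open() refused that replacement; 0 otherwise. */
int demo(void) {
    char dir[] = "/tmp/access-demo-XXXXXX";
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    snprintf(good, sizeof good, "%s/data", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    ino_t seen = make_file(good, 0600);    /* what access() will look at */
    make_file(other, 0666);                /* world-writable replacement */
    int fd = racy_open(good, swap_in_other);
    int differs = fd >= 0 && fstat(fd, &st) == 0 && st.st_ino != seen;
    if (fd >= 0) close(fd);
    int refused = checked_open(good, geteuid()) < 0;
    unlink(good); rmdir(dir);
    return differs && refused;
}
int main(void) { int ok = demo(); printf("demo: %d\n", ok); return !ok; }
```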

