Date: Mon, 02 Apr 2001 01:59:07 -0600 From: Warner Losh <imp@harmony.village.org> To: freebsd-hackers@FreeBSD.ORG Cc: Greg Black <gjb@gbch.net>, Robert Watson <rwatson@FreeBSD.ORG>, Bill Moran <wmoran@iowna.com> Subject: Re: Security problems with access(2)? Message-ID: <200104020800.f3280Nq11333@harmony.village.org> In-Reply-To: Your message of "Sun, 01 Apr 2001 19:04:58 PDT." <20010401190458.A4991@dragon.nuxi.com> References: <20010401190458.A4991@dragon.nuxi.com> <Pine.NEB.3.96L.1010331173532.40815M-100000@fledge.watson.org> <nospam-986086523.86272@maxim.gbch.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010401190458.A4991@dragon.nuxi.com> "David O'Brien" writes: : On Sun, Apr 01, 2001 at 10:55:23AM +1000, Greg Black wrote: : > Many years ago I implemented a new interface that I called : > eaccess() which replicated the work of access, but tested : > against the effective uid and gid. I'd like to see that : > introduced more widely. : : That still isn't suffient (and even more scary) unless the parameter is a : file handle or FILE pointer. We need an faccess() call, plain and : simple. faccess is also dangarous. When you open the file at elevated privs, you run the risk of side effects, such as a tape rewinding on close. facecss won't change that problem. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104020800.f3280Nq11333>