From owner-freebsd-security  Tue Oct 15  4:37:48 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4B88737B404
	for <security@FreeBSD.ORG>; Tue, 15 Oct 2002 04:37:45 -0700 (PDT)
Received: from seattlefenix.net (seattleFenix.net [216.39.145.247])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0BC9243E9C
	for <security@FreeBSD.ORG>; Tue, 15 Oct 2002 04:37:45 -0700 (PDT)
	(envelope-from roo@seattlefenix.net)
Received: by surreal.seattlefenix.net (Postfix, from userid 1001)
	id 731A836B2D; Fri, 11 Oct 2002 09:48:05 -0700 (PDT)
Date: Fri, 11 Oct 2002 09:48:05 -0700
From: Benjamin Krueger <benjamin@seattleFenix.net>
To: Ricardo Anguiano <anguiano@codesourcery.com>
Cc: Chris BeHanna <behanna@zbzoom.net>,
	FreeBSD Security <security@FreeBSD.ORG>
Subject: Re: access() is a security hole?
Message-ID: <20021011164805.GA27132@surreal.seattlefenix.net>
Reply-To: benjamin@seattleFenix.net
References: <20021011094935.I86274-100000@topperwein.pennasoft.com> <m3r8exszf8.fsf@mordack.codesourcery.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <m3r8exszf8.fsf@mordack.codesourcery.com>
User-Agent: Mutt/1.4i
X-PGP-Key: http://www.macguire.net/benjamin/public_key.asc
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Ricardo Anguiano (anguiano@codesourcery.com) [021011 09:39]:
> Chris BeHanna <behanna@zbzoom.net> writes:
> 
> > On Fri, 11 Oct 2002, Bruce Evans wrote:
> > > Setuid programs should only use access() to check whether they will
> > > have permission after they set[ug]id() to the real [ug]id.  Non-setuid
> > > programs mostly don't need such checks.  They can just try the operation.
> > 
> >     Perhaps the way to avoid the race is to open the file, lock it,
> > and *then* call access(), then close the file or proceed based upon
> > the result.
> 
> What's wrong with opening the file, then using fstat to check the
> properties of the file associated with the file descriptor?
> 
> -- 
> Ricardo Anguiano
> CodeSourcery, LLC

And if you don't have sufficient permission to open the file?

-- 
Benjamin Krueger

"Everyone has wings, some folks just don't know what they're for"
- B. Banzai
----------------------------------------------------------------
Send mail w/ subject 'send public key' or query for (0x251A4B18)
Fingerprint = A642 F299 C1C1 C828 F186  A851 CFF0 7711 251A 4B18

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message