From owner-freebsd-hackers  Sat Mar 31  9:26:28 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66])
	by hub.freebsd.org (Postfix) with ESMTP id 017E837B71A
	for <freebsd-hackers@FreeBSD.ORG>; Sat, 31 Mar 2001 09:26:26 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
	by harmony.village.org (8.11.1/8.11.1) with ESMTP id f2VHQIO13750;
	Sat, 31 Mar 2001 10:26:18 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Message-Id: <200103311726.f2VHQIO13750@harmony.village.org>
To: Bill Moran <wmoran@iowna.com>
Subject: Re: Security problems with access(2)? 
Cc: freebsd-hackers@FreeBSD.ORG
In-reply-to: Your message of "Sat, 31 Mar 2001 11:43:17 EST."
		<3AC60925.7CF191FA@iowna.com> 
References: <3AC60925.7CF191FA@iowna.com>  
Date: Sat, 31 Mar 2001 10:25:03 -0700
From: Warner Losh <imp@harmony.village.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <3AC60925.7CF191FA@iowna.com> Bill Moran writes:
: I'm a little confused here, if access() is such a serious security
: problem that it should _never_ be used, do we now have a major problem
: with a large amount of software in the base system?

Access(2) can be raced.  If you say access("fred") and then later open 
fread, between the two calls, fred may refer to different files and
you would be tricked into opening a file that you shouldn't have
otherwise opened.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message