Date: Sat, 31 Mar 2001 12:23:40 -0500
From: Bill Moran <wmoran@iowna.com>
To: Rick Bradley <roundeye@roundeye.net>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Security problems with access(2)?
Message-ID: <3AC6129C.3E5BDC01@iowna.com>
References: <3AC60925.7CF191FA@iowna.com> <20010331110248.A28931@negwo.roundeye.net>

Rick Bradley wrote:
>
> * Bill Moran (wmoran@iowna.com) [010331 10:48]:
> [...]
> > Does anyone have a pointer to more detailed information on the potential
> > security hole in access()?  I've got a bit more research to do on this,
> > but I'd appreciate any pointers to speed me along.
>
> I'd say the docs are referring to the potential race condition:
>
> - Program calls access() to see if user has authority to open
>   a file and gets an affirmative result
> - User swaps file with another file (say a link to the password
>   file)
> - Program calls open() on the file, which has been replaced since
>   the call to access()
>
> If the program is running with more privileges than the user this
> is a truck-sized hole (or at least SUV-sized).

Ahhh ... I'd call that an aircraft-carrier sized hole.  I hadn't even
considered that possibility.
The good news, however, is that it doesn't present any security concerns
in the context I'll be using - since the program runs as the local user.

Thanks,
Bill
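The check-then-open sequence described in the quoted reply, next to a single open() performed under the real uid, as an added example that is not part of the original thread. The names `open_after_access`, `open_as_real_user`, `rebind` and `demo`, the `window` hook and the scratch files under `/tmp` are all constructed for illustration.

```c
#define _GNU_SOURCE   /* O_NOFOLLOW, seteuid(), mkdtemp() under strict -std= modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Racy pattern from the thread. `window` is a hypothetical hook standing in
 * for anything that runs between the two system calls. */
int open_after_access(const char *path, void (*window)(const char *)) {
    if (access(path, R_OK) != 0) return -1;  /* check: real uid, by name */
    if (window) window(path);                /* the name can be rebound here */
    return open(path, O_RDONLY);             /* use: effective uid, by name again */
}

/* Single lookup: open as the real user, so the kernel checks at open() time. */
int open_as_real_user(const char *path) {
    uid_t euid = geteuid(); gid_t egid = getegid();
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0) {
        if (setegid(egid) != 0) abort();
        return -1;
    }
    int fd = open(path, O_RDONLY | O_NOFOLLOW);  /* refuse a symlink as last component */
    if (seteuid(euid) != 0 || setegid(egid) != 0) abort();  /* never run half-dropped */
    return fd;
}

static char other[64];  /* constructed scratch file the name gets rebound to */
static void rebind(const char *path) { unlink(path); if (symlink(other, path)) perror("symlink"); }

/* Constructed demo: first byte read through the chosen opener, or -1 if refused. */
int demo(int hardened, int swap) {
    char dir[] = "/tmp/toctouXXXXXX", path[64], c = 0;
    if (!mkdtemp(dir)) return -2;
    snprintf(path, sizeof path, "%s/mine", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    FILE *f = fopen(path, "w"); fputs("M", f); fclose(f);
    f = fopen(other, "w"); fputs("O", f); fclose(f);
    int fd;
    if (hardened) { if (swap) rebind(path); fd = open_as_real_user(path); }
    else fd = open_after_access(path, swap ? rebind : NULL);
    int out = (fd >= 0 && read(fd, &c, 1) == 1) ? c : -1;
    if (fd >= 0) close(fd);
    unlink(path); unlink(other); rmdir(dir);
    return out;
}

int main(void) {
    printf("racy+swap=%d hardened+swap=%d hardened=%d\n", demo(0, 1), demo(1, 1), demo(1, 0));
    return 0;
}
```

Both scratch files belong to the same user, so the demo only shows that the racy opener ends up reading a file other than the one it checked. O_NOFOLLOW guards only the final path component; the drop to the real uid is what makes the kernel's permission check apply to whatever the name resolves to.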