Date: Wed, 9 Oct 2002 08:10:46 +1000
From: Peter Jeremy
To: The Anarcat
Cc: FreeBSD Security Issues
Subject: Re: access() is a security hole?
Message-ID: <20021008221046.GV495@gsmx07.alcatel.com.au>

On 2002-Oct-08 17:23:35 -0400, The Anarcat wrote:
>Also, this means that the stat() manpage should also contain a
>similar section about its non-fd incarnations.

I disagree. access(2) is specifically designed to allow setuid/setgid
programs to validate access rights based on the real uid/gid - but is
virtually impossible to use safely for this task because of the
inherent race conditions. stat(2) and lstat(2) can be used unsafely
but accurately fulfil their documented functions without creating a
false sense of security.

Peter
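The check-then-use race described in the message above, shown beside an alternative that lets the kernel perform the permission check inside the single open() call. This is an added example, not code from the original post or from FreeBSD; the function names and the regular-files-only policy are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Racy pattern: the path is resolved twice. Between access() and open()
 * the name can be re-pointed, so the object that was checked against the
 * real uid/gid need not be the object opened with the effective ids. */
int open_checked_racy(const char *path)
{
    if (access(path, R_OK) != 0)      /* check: real uid/gid */
        return -1;
    return open(path, O_RDONLY);      /* use: effective ids, second lookup */
}

/* Alternative without the gap (hypothetical helper): switch the effective
 * ids to the real ids so the kernel checks permissions as part of the one
 * open() call, then examine the opened object via its descriptor. */
int open_as_real_user(const char *path)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();
    struct stat st;
    int fd;

    /* Group first: changing it may need the privileged effective uid. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        if (setegid(egid) != 0)
            abort();
        return -1;
    }
    /* O_NONBLOCK keeps open() from hanging on a FIFO; accepting only
     * regular files is a policy assumed for this example. */
    fd = open(path, O_RDONLY | O_NONBLOCK);

    /* Restore privileges in reverse order; fail hard if impossible. */
    if (seteuid(euid) != 0 || setegid(egid) != 0)
        abort();
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}
```

The supplementary group list is left untouched here; in a set-uid program it is inherited from the invoking user, so it already matches the real identity.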