Date: Sun, 01 Apr 2001 07:14:23 +1000
From: Greg Black <gjb@gbch.net>
To: Bill Moran <wmoran@iowna.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Security problems with access(2)?
Message-ID: <nospam-986073263.85140@maxim.gbch.net>
In-Reply-To: <3AC644B1.1BB56BB3@iowna.com> of Sat, 31 Mar 2001 15:57:21 EST
References: <Pine.NEB.3.96L.1010331131056.40815F-100000@fledge.watson.org> <3AC644B1.1BB56BB3@iowna.com>

Bill Moran wrote:

| Thanks for the additional explanation. It has done a number of things
| for me, one of which is convince me that (for my application) the use of
| access() is not a security problem.

You're almost certainly wrong in that conclusion; and even if you're not wrong now there'll come a day when you re-use that code or extend that program without thinking about the effects of the access() calls in it and then you'll shoot yourself in the foot.

If you want to know if your process can open a file, just call open() or fopen() and deal with errors appropriately.

Of course, if there is a real /reason/ that you have found for using access() in spite of everything you have been told, that might make a difference; but you have never given us that reason and so we can't comment on it.

I know that every time when I was a new Unix programmer and was tempted to use access(), a bit of thought (or some guidance from a more experienced colleague) showed me that I did not need access().

| I'm going to put together a suggestion for the doc team on this. I think
| it can probably be explained a little better in the man page. The
| current message is a little harsher than needed (I think)

That message has been there for many years and is quite correct. There are interfaces that are in the system for historical reasons, but which should not be used by new programs; access() is one of those.

There is only one reason to use access() and that's to discover if a file is accessible. Because of the race condition and the fact that access() tells lies to setuid and setgid programs, it is both dangerous and useless unless used with such care that any benefits it provides are lost in the noise.
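
Added example (not part of the original message or of FreeBSD's code): the check-then-open pattern the message warns against, beside the "just call open() and deal with errors" pattern it recommends. The function names are hypothetical, and the fstat() regular-file test on the descriptor is an assumption that goes one step beyond what the message describes.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Discouraged pattern: ask access() first, then open(). */
int open_after_access(const char *path)
{
    /* access() tests the real uid/gid; open() below uses the effective
     * ones, so in a setuid/setgid program the two answers can disagree. */
    if (access(path, R_OK) != 0)
        return -1;
    /* Race window: the path can name a different file by the time
     * open() runs, so the answer above may already be stale. */
    return open(path, O_RDONLY);
}

/* Recommended pattern: open() is the check.
 * Returns a descriptor, or -1 with *err set to the reason. */
int open_and_check(const char *path, int *err)
{
    struct stat st;
    int fd = open(path, O_RDONLY);

    if (fd < 0) { *err = errno; return -1; }   /* EACCES, ENOENT, ... */
    /* Further tests use the descriptor, which refers to the file that was
     * actually opened, not to whatever the path names now. */
    if (fstat(fd, &st) != 0) { *err = errno; close(fd); return -1; }
    if (!S_ISREG(st.st_mode)) {
        *err = S_ISDIR(st.st_mode) ? EISDIR : EINVAL;
        close(fd);
        return -1;
    }
    *err = 0;
    return fd;
}

int main(int argc, char **argv)
{
    int err = 0, fd;

    if (argc < 2) { fprintf(stderr, "usage: %s file\n", argv[0]); return 2; }
    fd = open_and_check(argv[1], &err);
    if (fd < 0) { fprintf(stderr, "%s: %s\n", argv[1], strerror(err)); return 1; }
    printf("%s: opened as fd %d\n", argv[1], fd);
    close(fd);
    return 0;
}
```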