Date: Sat, 31 Mar 2001 17:53:09 -0500
From: Bill Moran <wmoran@iowna.com>
To: Greg Black <gjb@gbch.net>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Security problems with access(2)? - off topic
Message-ID: <3AC65FD5.F91717BB@iowna.com>
References: <Pine.NEB.3.96L.1010331131056.40815F-100000@fledge.watson.org> <3AC644B1.1BB56BB3@iowna.com> <nospam-986073263.85140@maxim.gbch.net>

Greg Black wrote:
>
> Bill Moran wrote:
>
> | Thanks for the additional explanation. It has done a number of things
> | for me, one of which is convince me that (for my application) the use of
> | access() is not a security problem.
>
> You're almost certainly wrong in that conclusion; and even if
> you're not wrong now there'll come a day when you re-use that
> code or extend that program without thinking about the effects
> of the access() calls in it and then you'll shoot yourself in
> the foot. If you want to know if your process can open a file,
> just call open() or fopen() and deal with errors appropriately.
>
> Of course, if there is a real /reason/ that you have found for
> using access() in spite of everything you have been told, that
> might make a difference; but you have never given us that reason
> and so we can't comment on it. I know that every time when I
> was a new Unix programmer and was tempted to use access(), a bit
> of thought (or some guidance from a more experienced colleague)
> showed me that I did not need access().

Sorry ... didn't think anyone was interested, and it's off topic, but
here it is in a nutshell:

The client I'm working with is moving from a Novell server to a FreeBSD
server using Samba. They're very unhappy with Samba's behaviour in only
1 respect: on the Novell server, files/directories that were not
readable by the user did not appear in the directory listing. For legacy
reasons, they have a single shared directory that contains hundreds of
directories, most of which are not accessible to the majority of
groups/users on the system.

Samba has no option for this that I can find, and I have not been able
to produce this effect with manipulation of the filesystem permissions.

So I dug into the source code and found that the code that produces a
directory listing is relatively simple. It's simply a loop that iterates
through all the files (directories) in a directory and presents them to
the client.
So, ignoring these files/directories is simply a matter of a test for
access() at the beginning of the loop that does a "continue" if it fails
on read access.

So you see ... this is probably one of the few situations where access()
is safe, since a mistake in this case does not provide any access to the
object (that's handled later, in a completely separate block of code).

If I'm wrong, please feel free to correct me.

-Bill
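
The filter-then-open split described in this message, sketched as an added example (it is not part of the original e-mail and is not Samba's code). The function names `list_visible` and `open_for_read` are hypothetical; the listing loop uses access() only to decide which names to show, while the later open() makes the real decision at the time of use.

```c
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Listing loop (hypothetical name, not Samba code). Note that access() tests
 * the REAL uid/gid, not the effective ids. Returns entries kept, -1 on error. */
int list_visible(const char *dir, char names[][256], int max)
{
    char path[4096];
    struct dirent *e;
    int n = 0;
    DIR *d = opendir(dir);
    if (d == NULL) return -1;
    while (n < max && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (access(path, R_OK) != 0)
            continue;   /* cosmetic: hides the name, enforces nothing */
        snprintf(names[n++], 256, "%s", e->d_name);
    }
    closedir(d);
    return n;
}

/* Separate access path (hypothetical name): open() decides. fd or -errno. */
int open_for_read(const char *path)
{
    int fd = open(path, O_RDONLY);
    return fd >= 0 ? fd : -errno;
}

int main(int argc, char **argv)
{
    char names[64][256], path[4096];
    const char *dir = argc > 1 ? argv[1] : ".";
    int n = list_visible(dir, names, 64);
    for (int i = 0; i < n; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        int fd = open_for_read(path);
        printf("%-24s open(): %s\n", names[i], fd < 0 ? strerror(-fd) : "ok");
        if (fd >= 0) close(fd);
    }
    return n < 0;
}
```

Run it with a directory as its argument: an entry whose permissions change between the listing pass and the open() call is still refused or allowed by open() according to its state at that moment.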