Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 1 Apr 2001 14:48:30 -0700
From:      Jordan DeLong <fracture@allusion.net>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Security problems with access(2)?
Message-ID:  <20010401144830.A76718@cx420564-b.tucson1.az.home.com>
In-Reply-To: <200103312144.f2VLiP301397@mass.dis.org>; from msmith@FreeBSD.ORG on Sat, Mar 31, 2001 at 01:44:25PM -0800
References:  <20010401143348.A74357@cx420564-b.tucson1.az.home.com> <200103312144.f2VLiP301397@mass.dis.org>

next in thread | previous in thread | raw e-mail | index | archive | help

--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 31, 2001 at 01:44:25PM -0800, Mike Smith wrote:
> > in a project I'm currently working on I use the access(2) call when
> > going through a path for plugins to load.  For each : delim on the path
> > it does an access(2) to see if there is a file there, and then it
> > uses dlopen(3) to open the file as a share object, and responds
> > appropriatly to any errors it may recieve from the dlopen(3)
> > call.
> >=20
> > I'd like to offer this as an example of a reasonable, and noninsecure
> > usage of access (please correct me if I'm wrong).  I'm not worried about
> > if the file is created after the access call: I'm just using the
> > access call to avoid having to do a dlopen() on every : delim
> > in the path.
> >=20
> > Thoughts?
>=20
> If you're going to dlopen(3) it anyway, calling access(2) is just a waste=
 of=20
> time.  This is the most benign misuse of access(2), it's certainly not a=
=20
> "reasonable" example however.
>=20

so in your oppinion it would be more preferable to either
a) attempt the dlopen(3) on each entry in the path, and give the value of d=
lerror(3)
   to stderr for each one
or
b) attempt the dlopen(3) on each entry in the path and not give any error
   information because most items would probably go through three path
   entries before getting to the one that has the file in it.

the access(2) call is so I don't have to print a ton of dlerror(3) messages=
, because
hopefully we can agree that b is a bad idea...

> --=20
> ... every activity meets with opposition, everyone who acts has his
> rivals and unfortunately opponents also.  But not because people want
> to be opponents, rather because the tasks and relationships force
> people to take different points of view.  [Dr. Fritz Todt]
>            V I C T O R Y   N O T   V E N G E A N C E
>=20
>=20

--=20
Jordan DeLong
fracture@allusion.net


--bg08WKrSYDhXBjb5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjrHoi4ACgkQDrrilS51AZ/ioQCfUkcQE/ApAQDv3ZxvL+ClX018
QbEAn2Gd45hvU8mwvmI33JHp05bvov2N
=0pCm
-----END PGP SIGNATURE-----

--bg08WKrSYDhXBjb5--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010401144830.A76718>