Date: Thu, 10 Oct 2002 12:31:38 -0700
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: Peter Jeremy <peter.jeremy@alcatel.com.au>
Cc: The Anarcat <anarcat@anarcat.ath.cx>, FreeBSD Security Issues <FreeBSD-security@FreeBSD.ORG>
Subject: Re: access() is a security hole?
Message-ID: <20021010193137.GA13547@HAL9000.homeunix.com>
In-Reply-To: <20021008221046.GV495@gsmx07.alcatel.com.au>
References: <20021008183227.GC309@lenny.anarcat.ath.cx> <Pine.GSO.4.44.0210082024200.11104-100000@mail.ilrt.bris.ac.uk> <20021008212335.GF309@lenny.anarcat.ath.cx> <20021008221046.GV495@gsmx07.alcatel.com.au>
Thus spake Peter Jeremy <peter.jeremy@alcatel.com.au>:
> On 2002-Oct-08 17:23:35 -0400, The Anarcat <anarcat@anarcat.ath.cx> wrote:
> >Also, this means that the stat() manpage should also contain a
> >similar section about its non-fd incarnations.
>
> I disagree.  access(2) is specifically designed to allow setuid/setgid
> programs to validate access rights based on the real uid/gid - but is
> virtually impossible to use safely for this task because of the
> inherent race conditions.

No, access(2) is designed to allow NON-setuid programs to easily do sanity
checks without opening a file or device right away.  There's still a race
condition, but it isn't typically a security threat when all you're trying
to do is prevent the user from shooting himself in the foot.  To use
access() in a setuid program is usually an error.
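The two patterns the thread contrasts, as an added C example that is not part of the thread or of any FreeBSD code: `open_after_access()` is the access()-then-open() sequence whose two separate system calls leave a window in which the checked path can be swapped, and `open_as_real_user()` is the usual replacement for a setuid program, which makes the effective uid equal to the real uid around a single open() so the kernel applies the invoking user's permissions atomically, then checks the already-open descriptor with fstat() rather than the path. The function names, the `/tmp` temp-file path and the `/dev/null` probe are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: access() and open() are two separate system calls, so the
 * object that access() approved may no longer be the one open() gets.
 * Harmless as a convenience check in a non-setuid tool; wrong in a setuid one. */
int open_after_access(const char *path, int flags)
{
    int mode = ((flags & O_ACCMODE) == O_RDONLY) ? R_OK : W_OK;
    if (access(path, mode) != 0)
        return -1;
    return open(path, flags);
}

/* Safer pattern for a setuid program: drop the effective uid to the real uid
 * for the duration of open(), so the permission check and the open are one
 * atomic kernel operation, then restore the saved effective uid. */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    if (seteuid(getuid()) != 0)
        return -1;
    int fd = open(path, flags | O_NOFOLLOW);   /* no symlink at the last component */
    int saved_errno = errno;
    if (seteuid(saved_euid) != 0) {             /* could not regain privilege: give up */
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    if (fd < 0)
        return -1;

    /* Validate the descriptor we actually hold, not the path: a device or
     * FIFO substituted for a regular file is rejected here. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed self-check: write a temp file, reopen it through
 * open_as_real_user(), read the bytes back.  Returns 1 on success. */
int demo_roundtrip(void)
{
    char tmpl[] = "/tmp/access_demo_XXXXXX";   /* assumed writable location */
    const char msg[] = "hello";
    char buf[sizeof msg];
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return 0;
    if (write(fd, msg, sizeof msg) != (ssize_t)sizeof msg) {
        close(fd);
        unlink(tmpl);
        return 0;
    }
    close(fd);
    int rfd = open_as_real_user(tmpl, O_RDONLY);
    int ok = rfd >= 0
          && read(rfd, buf, sizeof buf) == (ssize_t)sizeof buf
          && memcmp(buf, msg, sizeof msg) == 0;
    if (rfd >= 0)
        close(rfd);
    unlink(tmpl);
    return ok;
}

/* A path that does not exist must fail through the safe opener. */
int demo_rejects_missing(void)
{
    return open_as_real_user("/tmp/access_demo_does_not_exist", O_RDONLY) < 0;
}

/* A device node (constructed probe: /dev/null) is not a regular file and is
 * refused by the fstat() check; if the node is absent, open() fails instead. */
int demo_rejects_device(void)
{
    return open_as_real_user("/dev/null", O_RDONLY) < 0;
}

int main(void)
{
    printf("roundtrip: %d  missing rejected: %d  device rejected: %d\n",
           demo_roundtrip(), demo_rejects_missing(), demo_rejects_device());
    return 0;
}
```

Run as an ordinary user the seteuid() calls are no-ops, which is exactly the point: the code behaves identically whether or not the binary is setuid, and the permission decision is always made by open() on the real uid.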