Date: Sat, 31 Mar 2001 18:56:49 +0100 (BST) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: Bill Moran <wmoran@iowna.com> Cc: Paul Herman <pherman@frenchfries.net>, freebsd-questions <freebsd-questions@FreeBSD.ORG> Subject: Re: access() system call Message-ID: <Pine.GSO.4.31.0103311856010.11771-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <3AC60321.E043BFAA@iowna.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 31 Mar 2001, Bill Moran wrote: > Paul Herman wrote: > > > > On Sat, 31 Mar 2001, Edwin Groothuis wrote: > > > > > > 2. Is there any more information on why access() is such a terrible > > > > security hole? > > > > > > I'm also wondering about it. > > > > Just a hunch, but maybe because of a possible race condition between > > checking for a file's existence and opening it for use. fstat(2) is > > already passed an open file descriptor so you get the real McCoy. > > > > The stat(2) and access(2) system calls look as if they do pretty much > > the same to me, perhaps stat(2) should also carry such a warning in > > the manpage? > > Interesting, albiet only speculation. 'Tis truth; th file you're dealing with may change between access and open. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287163 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk I am now available for general use under a modified BSD licence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.31.0103311856010.11771-100000>