Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 31 Mar 2001 11:02:48 -0600
From:      Rick Bradley <roundeye@roundeye.net>
To:        Bill Moran <wmoran@iowna.com>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: Security problems with access(2)?
Message-ID:  <20010331110248.A28931@negwo.roundeye.net>
In-Reply-To: <3AC60925.7CF191FA@iowna.com>; from wmoran@iowna.com on Sat, Mar 31, 2001 at 11:43:17AM -0500
References:  <3AC60925.7CF191FA@iowna.com>

next in thread | previous in thread | raw e-mail | index | archive | help
* Bill Moran (wmoran@iowna.com) [010331 10:48]:
[...]
> Does anyone have a pointer to more detailed information on the potential
> security hole in access()? I've got a bit more research to do on this,
> but I'd appreciate any pointers to speed me along.

I'd say they docs are referring to the potential race condition:

 - Program calls access() to see if user has authority to open
   a file and gets an affirmative result
 - User swaps file with another file (say a link to the password
   file)
 - Program calls open() on the file, which has been replaced since
   the call to access()

If the program is running with more privileges than the user this
is a truck-sized hole (or at least SUV-sized).

Rick
--
 Rick Bradley / http://www.roundeye.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010331110248.A28931>