Date: Sat, 31 Mar 2001 11:02:48 -0600 From: Rick Bradley <roundeye@roundeye.net> To: Bill Moran <wmoran@iowna.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Security problems with access(2)? Message-ID: <20010331110248.A28931@negwo.roundeye.net> In-Reply-To: <3AC60925.7CF191FA@iowna.com>; from wmoran@iowna.com on Sat, Mar 31, 2001 at 11:43:17AM -0500 References: <3AC60925.7CF191FA@iowna.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Bill Moran (wmoran@iowna.com) [010331 10:48]: [...] > Does anyone have a pointer to more detailed information on the potential > security hole in access()? I've got a bit more research to do on this, > but I'd appreciate any pointers to speed me along. I'd say they docs are referring to the potential race condition: - Program calls access() to see if user has authority to open a file and gets an affirmative result - User swaps file with another file (say a link to the password file) - Program calls open() on the file, which has been replaced since the call to access() If the program is running with more privileges than the user this is a truck-sized hole (or at least SUV-sized). Rick -- Rick Bradley / http://www.roundeye.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010331110248.A28931>