Date: Sat, 31 Mar 2001 18:25:33 -0500 From: Bill Moran <wmoran@iowna.com> To: Mike Smith <msmith@FreeBSD.ORG> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Security problems with access(2)? - off topic Message-ID: <3AC6676D.C5E4771B@iowna.com> References: <200103312158.f2VLwo301522@mass.dis.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Smith wrote: > This is actually an interesting case. I have some interesting clients. The reality of the matter is that their filesystem organization on the server is terrible. This could all be solved with a properly reorganized directory hierarchy - and that was my first suggestion when they complained. However, it'll be cheaper for me to tweak Samba than to correct their disorganization, since they have apps that expect things to be in certain places, and users who aren't terribly educated (or cooperative). > The canonical answer is that you're wrong, and you should use stat(2) for > this purpose. That's why I gave the scenerio. > However it's fair to assume that with ACLs entering the picture, > access(2) may actually given you a better answer. I would poke the > TrustedBSD people to be certain about this, though. Another argument in favor of access() is that the fix (for the time being) is: if (!access(n,R_OK) ) continue; Which is about the simplest tweak I've ever made to a program. stat() would not take a lot more work, but being as lazy as I am, I'll use access() now that I know it's safe in this situation. I know nothing of ACLs, so you've just indicated that there's something new I need to learn. I'm also going to have to get up to date with what TrustedBSD is doing, as I haven't been watching them much. Thanks for the feedback, Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AC6676D.C5E4771B>