From: Ricardo Anguiano
To: Chris BeHanna
Cc: FreeBSD Security
Subject: Re: access() is a security hole?
Date: 11 Oct 2002 09:39:07 -0700

Chris BeHanna writes:

> On Fri, 11 Oct 2002, Bruce Evans wrote:
> > Setuid programs should only use access() to check whether they will
> > have permission after they set[ug]id() to the real [ug]id. Non-setuid
> > programs mostly don't need such checks. They can just try the operation.
>
> Perhaps the way to avoid the race is to open the file, lock it,
> and *then* call access(), then close the file or proceed based upon
> the result.

What's wrong with opening the file, then using fstat to check the
properties of the file associated with the file descriptor?

--
Ricardo Anguiano
CodeSourcery, LLC
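The open-then-fstat() sequence asked about in the message above, written out as an added example that is not part of the original post or of FreeBSD. The helper name open_checked_for_read is hypothetical, and the check is simplified as an assumption: it tests read permission for one uid and primary gid only, with no supplementary groups, no ACLs and no root bypass.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): open first, then decide from
 * the descriptor, so the object that is checked is the object later read.
 * Simplified on purpose: primary gid only, no supplementary groups, no
 * ACLs, no root bypass. Returns an fd, or -1 with errno set. */
int open_checked_for_read(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not hang if the path names a FIFO or a device. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() describes the inode that was opened; renaming or replacing
     * the path from here on cannot change what is being checked. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) {
        mode_t need = st.st_uid == uid ? S_IRUSR
                    : st.st_gid == gid ? S_IRGRP : S_IROTH;
        if (st.st_mode & need)
            return fd;
    }
    close(fd);
    errno = EACCES;
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s file\n", argv[0]);
        return EXIT_FAILURE;
    }
    /* A setuid program would pass the real ids, as done here. */
    int fd = open_checked_for_read(argv[1], getuid(), getgid());
    if (fd < 0) {
        perror(argv[1]);
        return EXIT_FAILURE;
    }
    close(fd);
    return EXIT_SUCCESS;
}
```

In a setuid program the open() call itself still runs with the effective uid, so the mode bits read back through fstat() are the only stand-in for the real user's access.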