Date: Sat, 31 Mar 2001 18:15:25 +0200 (CEST) From: Paul Herman <pherman@frenchfries.net> To: Edwin Groothuis <edwin@mavetju.org> Cc: Bill Moran <wmoran@iowna.com>, <freebsd-questions@FreeBSD.ORG> Subject: Re: access() system call Message-ID: <Pine.BSF.4.33.0103311759190.13408-100000@husten.security.at12.de> In-Reply-To: <20010331165151.J490@cgmd76206.chello.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 31 Mar 2001, Edwin Groothuis wrote: > > 2. Is there any more information on why access() is such a terrible > > security hole? > > I'm also wondering about it. Just a hunch, but maybe because of a possible race condition between checking for a file's existence and opening it for use. fstat(2) is already passed an open file descriptor so you get the real McCoy. The stat(2) and access(2) system calls look as if they do pretty much the same to me, perhaps stat(2) should also carry such a warning in the manpage? -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0103311759190.13408-100000>