From: Bill Moran
Date: Sat, 31 Mar 2001 18:09:53 -0500
To: Jan Grant
Cc: questions
Subject: Re: access() system call

Jan Grant wrote:
>
> On Sat, 31 Mar 2001, Mike Meyer wrote:
>
> > Bill Moran types:
> > > This may be a question for -hackers, but I'll try here first.
> > >
> > > In the man page for the access(2) syscall, it states "access() is a
> > > potential security hole and should never be used."
> > >
> > > I have 3 questions regarding this:
> > >
> > > 1. What should I use instead?
> >
> > As others have indicated, stat.
>
> Or better yet, drop privs (if appropriate) and just use open(2).

I think this is a somewhat unusual case ... so I'm going to explain it.

Samba server ... we do not want users that do not have access to
directories (through samba) to even _see_ that those directories exist.
This is mainly for simplicity. (i.e. there are about 200 directories in
the shared resource, the average user only has access to 5-10 of them,
depending on group membership) In other words, we're trying to simplify
the user's life by not making them sift through things that they don't
have access to anyway.

So you see, calling access() will only determine whether or not the user
_sees_ a file/directory, the attempt to access it will be handled in a
completely different step, by completely different code that I won't be
modifying (since I have no reason to) so the call to access() and the
possible race condition are of no concern to me.

It would also be totally unnecessary to open() the file/directory just
to check those permissions, and probably cause a performance problem.

I'll be talking to the samba crew when I've got this working, to
recommend they add it as a config option in future versions. I'm
surprised that it doesn't already exist, considering how powerful samba
already is!

-Bill
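
Added example, not part of the original thread: a C demonstration of the check-then-use window behind the access(2) man page warning, next to the open-first approach Jan Grant suggests. The function names, the hook that simulates a concurrent rename, and the temporary files are all constructed for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Constructed stand-in for another process acting between check and use. */
static char g_other[256];
static void swap_hook(const char *path) { rename(g_other, path); }

/* Racy: access() answers for whatever the name referred to at that moment. */
int check_then_open(const char *path, void (*between)(const char *)) {
    if (access(path, R_OK) != 0) return -1;
    if (between) between(path);        /* the check-to-use window */
    return open(path, O_RDONLY);       /* may be a different object now */
}

/* Open first: the kernel checks at open(), fstat() describes the held object. */
int open_then_fstat(const char *path, void (*between)(const char *)) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (between) between(path);        /* renames no longer affect fd */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

static int put(const char *p, char c) {
    int fd = open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    int ok = fd >= 0 && write(fd, &c, 1) == 1;
    if (fd >= 0) close(fd);
    return ok;
}

/* First byte read after the swap: 'A' = file that was checked, 'B' = swapped in. */
char first_byte_after_swap(int fd_first) {
    char dir[] = "/tmp/accdemoXXXXXX", path[256], c = '?';
    if (!mkdtemp(dir)) return c;
    snprintf(path, sizeof path, "%s/a", dir);
    snprintf(g_other, sizeof g_other, "%s/b", dir);
    if (!put(path, 'A') || !put(g_other, 'B')) return c;
    int fd = fd_first ? open_then_fstat(path, swap_hook) : check_then_open(path, swap_hook);
    if (fd >= 0) { if (read(fd, &c, 1) != 1) c = '?'; close(fd); }
    unlink(path); unlink(g_other); rmdir(dir);
    return c;
}

int main(void) {
    printf("check-then-open: %c, open-first: %c\n", first_byte_after_swap(0), first_byte_after_swap(1));
}
```

The check-then-open path ends up reading the file that was renamed into place after access() returned, while the open-first path keeps reading the object it opened.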