Date: Sat, 31 Mar 2001 18:09:53 -0500 From: Bill Moran <wmoran@iowna.com> To: Jan Grant <Jan.Grant@bristol.ac.uk> Cc: questions <questions@freebsd.org> Subject: Re: access() system call Message-ID: <3AC663C1.BAFF1032@iowna.com> References: <Pine.GSO.4.31.0103312223350.11901-100000@mail.ilrt.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Jan Grant wrote: > > On Sat, 31 Mar 2001, Mike Meyer wrote: > > > Bill Moran <wmoran@iowna.com> types: > > > This may be a question for -hackers, but I'll try here first. > > > > > > In the man page for the access(2) syscall, it states "access() is a > > > potential security hole and should never be used." > > > > > > I have 3 questions regarding this: > > > > > > 1. What should I use instead? > > > > As others have indicated, stat. > > Or better yet, drop privs (if appropriate) and just use open(2). I think this is a somewhat unusual case ... so I'm going to explain it. Samba server ... we do not want users that do not have access to directories (through samba) to even _see_ that those directories exist. This is mainly for simplicity. (i.e. there are about 200 directories in the shared resource, the average user only has access to 5-10 of them, depending on group membership) In other words, we're trying to simplify the users life by not making them sift through things that they don't have access to anyway. So you see, calling access() will only determine whether or not the user _sees_ a file/directory, the attempt to access it will be handled in a completly different step, by completly different code that I won't be modifying (since I have not reason to) so the call to access() and the possible race condition are of no concern to me. It would also be totally unnecessary to open() the file/directory just to check those permissions, and probably cause a performance problem. I'll be talking to the samba crew when I've got this working, to recommend they add it as a config option in future versions. I'm surprised that it doesn't already exist, considering how powerful samba already is! -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AC663C1.BAFF1032>