Date: Tue, 8 Oct 2002 14:32:27 -0400 From: The Anarcat <anarcat@anarcat.ath.cx> To: FreeBSD Security Issues <FreeBSD-security@FreeBSD.ORG> Subject: access() is a security hole? Message-ID: <20021008183227.GC309@lenny.anarcat.ath.cx>
next in thread | raw e-mail | index | archive | help
--c3bfwLpm8qysLVxt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The access(2) manpage mentions an obscure security hole in access(2). How so? " CAVEAT Access() is a potential security hole and should never be used. " This seems to have been part of the manpage forever, or so to speak, so I really wonder what it's talking about. :) And if it's really that serious of a security hole, why isn't there a compiler warning similar to the use of mktemp() when linking against it? Thanks, A. --=20 Stop the bombings. Stop the murders. Anti-war. --c3bfwLpm8qysLVxt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9oyS7ttcWHAnWiGcRAhiuAJ4pxlAvYtVcl9NlCFDx/d11VEHYwwCeKigW eMq8DB5c0NqR5ptM3TRxOQA= =Jxck -----END PGP SIGNATURE----- --c3bfwLpm8qysLVxt-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021008183227.GC309>