Date: Tue, 8 Oct 2002 14:32:27 -0400 From: The Anarcat <anarcat@anarcat.ath.cx> To: FreeBSD Security Issues <FreeBSD-security@FreeBSD.ORG> Subject: access() is a security hole? Message-ID: <20021008183227.GC309@lenny.anarcat.ath.cx>
next in thread | raw e-mail | index | archive | help
--c3bfwLpm8qysLVxt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
The access(2) manpage mentions an obscure security hole in
access(2). How so?
"
CAVEAT
Access() is a potential security hole and should never be used.
"
This seems to have been part of the manpage forever, or so to speak,
so I really wonder what it's talking about. :) And if it's really that
serious of a security hole, why isn't there a compiler warning similar
to the use of mktemp() when linking against it?
Thanks,
A.
--=20
Stop the bombings.
Stop the murders.
Anti-war.
--c3bfwLpm8qysLVxt
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE9oyS7ttcWHAnWiGcRAhiuAJ4pxlAvYtVcl9NlCFDx/d11VEHYwwCeKigW
eMq8DB5c0NqR5ptM3TRxOQA=
=Jxck
-----END PGP SIGNATURE-----
--c3bfwLpm8qysLVxt--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021008183227.GC309>