From owner-freebsd-hackers Sat Mar 31 13:44:23 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from mass.dis.org (mass.dis.org [216.240.45.41]) by hub.freebsd.org (Postfix) with ESMTP id 7D5AC37B719 for ; Sat, 31 Mar 2001 13:44:20 -0800 (PST) (envelope-from msmith@mass.dis.org) Received: from mass.dis.org (localhost [127.0.0.1]) by mass.dis.org (8.11.2/8.11.2) with ESMTP id f2VLiP301397; Sat, 31 Mar 2001 13:44:25 -0800 (PST) (envelope-from msmith@mass.dis.org) Message-Id: <200103312144.f2VLiP301397@mass.dis.org> X-Mailer: exmh version 2.1.1 10/15/1999 To: Jordan DeLong Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Security problems with access(2)? In-reply-to: Your message of "Sun, 01 Apr 2001 14:33:48 PDT." <20010401143348.A74357@cx420564-b.tucson1.az.home.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 31 Mar 2001 13:44:25 -0800 From: Mike Smith Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > in a project I'm currently working on I use the access(2) call when > going through a path for plugins to load. For each : delim on the path > it does an access(2) to see if there is a file there, and then it > uses dlopen(3) to open the file as a share object, and responds > appropriatly to any errors it may recieve from the dlopen(3) > call. > > I'd like to offer this as an example of a reasonable, and noninsecure > usage of access (please correct me if I'm wrong). I'm not worried about > if the file is created after the access call: I'm just using the > access call to avoid having to do a dlopen() on every : delim > in the path. > > Thoughts? If you're going to dlopen(3) it anyway, calling access(2) is just a waste of time. This is the most benign misuse of access(2), it's certainly not a "reasonable" example however. -- ... every activity meets with opposition, everyone who acts has his rivals and unfortunately opponents also. But not because people want to be opponents, rather because the tasks and relationships force people to take different points of view. [Dr. Fritz Todt] V I C T O R Y N O T V E N G E A N C E To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message