From: Mike Meyer
Date: Sat, 31 Mar 2001 13:55:38 -0600
To: Bill Moran
Cc: questions@freebsd.org
Subject: Re: access() system call
Message-ID: <15046.13882.845275.101113@guru.mired.org>

Bill Moran types:
> This may be a question for -hackers, but I'll try here first.
>
> In the man page for the access(2) syscall, it states "access() is a
> potential security hole and should never be used."
>
> I have 3 questions regarding this:
>
> 1. What should I use instead?

As others have indicated, stat.

> 2. Is there any more information on why access() is such a terrible
> security hole?

I'd say the following quote from the man page pretty much covers it:

     Even if a process has appropriate privileges and indicates success for
     X_OK, the file may not actually have execute permission bits set.
     Likewise for R_OK and W_OK.

One of the common uses for access is to check the privileges of the
real user in a program that has enhanced its privileges via
set?id. Since access can get this wrong, trusting it is a security
hole.

You have to either check things yourself via stat (and don't forget to
check all the directories along the path as well), or surrender the
enhanced privileges before attempting the operation you're authorizing
with access.

If you're not using enhanced privileges, then this isn't a problem -
just use access, and be prepared for things to fail.

> 3. Does not access(1) use access(2)? If so, that would make access(1) a
> security problem. Which is not documented in the man page (or anywhere
> else that I can find)

I'm not sure why it's relevant, but the sources to everything are
available.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
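The second option in the reply above (surrender the enhanced privileges before attempting the operation), as an added example that is not part of the original message. `open_as_real_user` is a hypothetical helper name; the code assumes a set-id program on a system with saved set-user and set-group IDs, and flags that do not create files.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open `path` with the real user's rights instead of
 * asking access() first. Returns a descriptor, or -1 with errno set. */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;
    /* Give up the group first; after the uid drop we may no longer be allowed to. */
    if (setegid(getgid()) == -1)
        return -1;
    if (seteuid(getuid()) == -1) {
        saved_errno = errno;
        (void)setegid(saved_egid);
        errno = saved_errno;
        return -1;
    }

    /* The kernel now checks every directory on the path and the file itself
     * against the real user, as part of the open: no check/use window. */
    fd = open(path, flags);
    saved_errno = errno;

    /* Regain the enhanced ids (permitted because they are the saved set-ids). */
    if (seteuid(saved_euid) == -1 || setegid(saved_egid) == -1) {
        if (fd != -1)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_as_real_user(argc > 1 ? argv[1] : "/dev/null", O_RDONLY);
    if (fd == -1) {
        perror("open_as_real_user");
        return 1;
    }
    close(fd);
    return 0;
}
```

The descriptor that comes back is the authorization: the program keeps using it rather than reopening the path by name with its enhanced privileges.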