Date:      Mon, 30 Jul 2001 14:45:42 -0400
From:      Mike Barcroft <mike@FreeBSD.ORG>
To:        Yar Tikhiy <yar@FreeBSD.ORG>
Cc:        audit@FreeBSD.ORG
Subject:   Re: finger(1) & fingerd(8)
Message-ID:  <20010730144542.A92125@coffee.q9media.com>
In-Reply-To: <20010730212257.C26476@comp.chem.msu.su>; from yar@FreeBSD.ORG on Mon, Jul 30, 2001 at 09:22:57PM +0400
References:  <20010728155159.A35483@snark.rinet.ru> <20010728144554.C86837@coffee.q9media.com> <20010730212257.C26476@comp.chem.msu.su>

On Mon, Jul 30, 2001 at 09:22:57PM +0400, Yar Tikhiy wrote:
> On Sat, Jul 28, 2001 at 02:45:54PM -0400, Mike Barcroft wrote:
> >
> > [...]
> > >   if (access(buf, F_OK) == 0)
> > >           return 1;
> > [...]
> >
> > I know this isn't your code, but this should also probably use open(2)
> > as well.
>
> First, I must have missed something, but why is access(2)
> a bad thing at this particular point?

There probably aren't any security problems with the use of access(2) 
in this code.  That is, I don't see any race conditions.  But to my
understanding, use of access(2) is discouraged.  From the access(2)
man page:

CAVEAT
     Access() is a potential security hole and should never be used.

> Second, open(2) can't be used as a drop-in replacement for access(..,
> F_OK) here because it can't tell permission errors on a directory from
> those on a file itself. IMHO stat(2) should be used here if the
> historical behaviour of finger(1) is to be preserved.

I'm afraid I don't understand what you mean.  How does 
access(buf, F_OK) differ from open(buf, O_RDONLY) in terms of 
permissions in this case?  From the access(2) man page:

All components of the pathname path are checked for access
permissions (including F_OK).

Best regards,
Mike Barcroft
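
The difference under discussion in this message, as an added example that is not part of the original thread: the program runs access(path, F_OK), stat(2) and open(path, O_RDONLY) against a file with mode 000 and against a file inside a directory with mode 000. The path names are constructed for the demo, and it assumes an unprivileged user, since root bypasses these permission checks.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

struct probe { int access_rc, stat_rc, open_rc, open_errno; };

/* Added example: build <dir>/flag (constructed names) with the given
 * modes, run the three checks on it, then clean up. */
static struct probe probe_case(mode_t file_mode, mode_t dir_mode)
{
    struct probe p = { -1, -1, -1, 0 };
    char dir[64], path[80];
    struct stat sb;
    int fd;

    snprintf(dir, sizeof(dir), "/tmp/access-demo.%ld", (long)getpid());
    snprintf(path, sizeof(path), "%s/flag", dir);
    if (mkdir(dir, 0700) != 0)          /* fail rather than reuse a name */
        return p;
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0)
        close(fd);
    chmod(path, file_mode);
    chmod(dir, dir_mode);

    p.access_rc = access(path, F_OK);   /* existence, real-uid path search */
    p.stat_rc = stat(path, &sb);        /* existence, no read of the file */
    fd = open(path, O_RDONLY);          /* also needs read permission */
    p.open_rc = (fd < 0) ? -1 : 0;
    p.open_errno = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);

    chmod(dir, 0700);                   /* restore so cleanup can proceed */
    unlink(path);
    rmdir(dir);
    return p;
}

int main(void)
{
    struct probe f = probe_case(0000, 0700);   /* unreadable file */
    struct probe d = probe_case(0644, 0000);   /* unsearchable directory */
    printf("file 000: access=%d stat=%d open=%d errno=%d\n", f.access_rc, f.stat_rc, f.open_rc, f.open_errno);
    printf("dir  000: access=%d stat=%d open=%d errno=%d\n", d.access_rc, d.stat_rc, d.open_rc, d.open_errno);
    return 0;
}
```

Run as a non-root user, the first case reports success from access and stat while open fails with EACCES; in the second case all three fail, and open again reports EACCES.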
