Date: Mon, 30 Jul 2001 14:45:42 -0400
From: Mike Barcroft
To: Yar Tikhiy
Cc: audit@FreeBSD.ORG
Subject: Re: finger(1) & fingerd(8)
Message-ID: <20010730144542.A92125@coffee.q9media.com>
References: <20010728155159.A35483@snark.rinet.ru> <20010728144554.C86837@coffee.q9media.com> <20010730212257.C26476@comp.chem.msu.su>
In-Reply-To: <20010730212257.C26476@comp.chem.msu.su>; from yar@FreeBSD.ORG on Mon, Jul 30, 2001 at 09:22:57PM +0400

On Mon, Jul 30, 2001 at 09:22:57PM +0400, Yar Tikhiy wrote:
> On Sat, Jul 28, 2001 at 02:45:54PM -0400, Mike Barcroft wrote:
> >
> > [...]
> > > if (access(buf, F_OK) == 0)
> > >         return 1;
> > [...]
> >
> > I know this isn't your code, but this should also probably use open(2)
> > as well.
>
> First, I must have missed something, but why is access(2)
> a bad thing at this particular point?

There probably aren't any security problems with the use of access(2)
in this code.  That is, I don't see any race conditions.  But to my
understanding, use of access(2) is discouraged.

From the access(2) man page:
CAVEAT
     Access() is a potential security hole and should never be used.

> Second, open(2) can't be used as a drop-in replacement for access(..,
> F_OK) here because it can't tell permission errors on a directory from
> those on a file itself.  IMHO stat(2) should be used here if the
> historical behaviour of finger(1) is to be preserved.

I'm afraid I don't understand what you mean.  How does
access(buf, F_OK) differ from open(buf, O_RDONLY) in terms of
permissions in this case?

From the access(2) man page:
     All components of the pathname path are checked for access permissions
     (including F_OK).

Best regards,
Mike Barcroft
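
Added example, not part of the original message or of the finger(1) source: a C program that runs the three checks discussed in this thread, access(path, F_OK), stat(2) and open(path, O_RDONLY), against a constructed mode-000 file and against a name that does not exist. The scratch path under /tmp and the names probe_path and run_demo are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* errno from each probe; 0 means the call succeeded. */
struct probe { int access_err, stat_err, open_err; };

/* Run the three existence checks discussed in the thread against path. */
static struct probe probe_path(const char *path)
{
    struct probe p = {0, 0, 0};
    struct stat sb;
    int fd;
    if (access(path, F_OK) != 0) p.access_err = errno;
    if (stat(path, &sb) != 0) p.stat_err = errno;
    fd = open(path, O_RDONLY);
    if (fd < 0) p.open_err = errno; else close(fd);
    return p;
}

/* Constructed fixture: a scratch directory holding one mode-000 file. */
static int run_demo(struct probe *unreadable, struct probe *missing)
{
    char dir[] = "/tmp/probe-demo.XXXXXX";
    char file[64], none[64];
    int fd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/present", dir);
    snprintf(none, sizeof none, "%s/absent", dir);
    fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0); /* created with mode 000 */
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);
    *unreadable = probe_path(file);  /* exists, but the mode denies reading */
    *missing = probe_path(none);     /* no such directory entry */
    unlink(file);
    rmdir(dir);
    return 0;
}

int main(void)
{
    struct probe u, m;
    if (run_demo(&u, &m) != 0) return 1;
    printf("mode-000 errno: access=%d stat=%d open=%d\n", u.access_err, u.stat_err, u.open_err);
    printf("missing errno:  access=%d stat=%d open=%d\n", m.access_err, m.stat_err, m.open_err);
    return 0;
}
```

Run it as an unprivileged user: for the mode-000 file, access(F_OK) and stat(2) succeed while open(2) fails with EACCES. Root bypasses the file-mode check, so open(2) succeeds there as well.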