Re: access() is a security hole?
From: Jan Grant (Jan.Grant@bristol.ac.uk)
Date: 10/08/02
- Next message: The Anarcat: "Re: access() is a security hole?"
- Previous message: The Anarcat: "access() is a security hole?"
- In reply to: The Anarcat: "access() is a security hole?"
- Next in thread: The Anarcat: "Re: access() is a security hole?"
- Reply: The Anarcat: "Re: access() is a security hole?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 8 Oct 2002 20:25:32 +0100 (BST) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: The Anarcat <anarcat@anarcat.ath.cx>
On Tue, 8 Oct 2002, The Anarcat wrote:
> The access(2) manpage mentions an obscure security hole in
> access(2). How so?
>
> "
> CAVEAT
> Access() is a potential security hole and should never be used.
> "
>
> This seems to have been part of the manpage forever, or so to speak,
> so I really wonder what it's talking about. :)
Race conditions. Rather than using access, the idea is presumably that
you drop privs and try to actually access the object, getting a file
handle in the process.
Canonical counterexample, IIRC, is samba.
-- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/ Ever see something and think, "I've gotta leverage me some of that?" Odds are, you were looking at a synergy and didn't even know it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: The Anarcat: "Re: access() is a security hole?"
- Previous message: The Anarcat: "access() is a security hole?"
- In reply to: The Anarcat: "access() is a security hole?"
- Next in thread: The Anarcat: "Re: access() is a security hole?"
- Reply: The Anarcat: "Re: access() is a security hole?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
