Re: access() is a security hole?

From: The Anarcat (
Date: 10/08/02

Date: Tue, 8 Oct 2002 16:37:59 -0400
From: The Anarcat <>
To: Fernando Schapachnik <>

On Tue Oct 08, 2002 at 03:42:04PM -0300, Fernando Schapachnik wrote:
> En un mensaje anterior, The Anarcat escribió:
> > The access(2) manpage mentions an obscure security hole in
> > access(2). How so?
> >
> > "
> > Access() is a potential security hole and should never be used.
> It might have to do with the fact that file permissions can change
> between the access() call and the open() call. The preferred way is
> to use fstat() that takes an open fd.

Just what I thought. The man page should be more precise. The way I
read it, there is a security bug in access(2) which is not the

I'll try to come up with an update to the manpage.


Advertisers, not governments, are the primary censors of media content 
in the United States today.
                        - C. Edwin Baker

To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message