Re: access(2)--a security hole?

Jeremy Epstein -C2 PROJECT (jepstein@cordant.com)
Fri, 21 Oct 1994 08:40:41 -0400 (EDT)

> the FreeBSD man page for access(2) includes a section titled "CAVEAT" 
> which says that "Access() is a potential security hole and should never 
> be used."
> 
> i looked into libc source and access is a typical system call--no real 
> source at all, just enough assembler wrapper to generate a system call 
> with the correct arguments.  the assembler is generated when libc is 
> compiled through defines and other macros--real slick.
> 
> the actual syscall is executed in /sys/kern/vfs_syscalls.c, but i can't 
> see why this is a hole.
> 
> can you enlighten me?
> 
> jmb 
> 
> Jonathan M. Bresler  jmb@kryten.atinc.com         | Analysis & Technology, Inc.
>                                                   | 2341 Jeff Davis Hwy
> play go.                                          | Arlington, VA 22202
> ride bike. hack FreeBSD.--ah the good life        | 703-418-2800 x346
> 
>