Unless there's something else specific to freeBSD, which I do not have to check out, the problem with access is that it is used something like this: if (access(filename,permstocheck) == 0) { open("filename",whatever,whatever); ... } There's a race condition between the call to access and the call to open. Similar in principle to the race condition that causes setuid shell scripts to be a security hole. I tried this once, a long time ago because I was skeptical of this. I wrote a setuid root program that would open a symbolic link to the passwd file for reading and writing after checking it with access. I launched the program from a wrapper that changed the symbolic link between /etc/passwd and a file I legitimately had write access to under my own uid. It took, as I recall, a little over 50 tries for a success (that is, I got the passwd file). Dave Goldberg Post: The Mitre Corporation MS B020 202 Burlington Rd. Bedford, MA 01730 Phone: 617-271-3887 Domain: dsg@mitre.org UUCP: {your neighborhood}!linus!mdf!dsg