Re: access(2)--a security hole?

Howie Kaye (howie@columbia.edu)
Fri, 21 Oct 94 11:03:14 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Karl Strickland: "Re: access(2)--a security hole?"
Previous message: Julian Assange: "Re: access(2)--a security hole?"
In reply to: Justin Mason: "Re: access(2)--a security hole?"
Next in thread: Karl Strickland: "Re: access(2)--a security hole?"

The security hole in access() is really that it has an implicit race
condition in it.  You check a file, and then you assume moments later that
the same access is granted.  So, if the file is a really a symlink, and
someone changes where it points to between the access() and the open(), a
completely different file might be affected.  This is the root of many of
the holes that get posted here (xterm, /bin/mail come to mind).

------------------------------------------------------------
Howie Kaye				howie@columbia.edu
Columbia University 			hlkcu@cuvma.bitnet
UNIX Systems Group			...!rutgers!columbia!howie

Next message: Karl Strickland: "Re: access(2)--a security hole?"
Previous message: Julian Assange: "Re: access(2)--a security hole?"
In reply to: Justin Mason: "Re: access(2)--a security hole?"
Next in thread: Karl Strickland: "Re: access(2)--a security hole?"