Re: access(2)--a security hole?

Steve Simmons (scs@lokkur.dexter.mi.us)
Sat, 22 Oct 1994 18:04:17 -0400

In bugtraq various folks wrote:

>The security hole in access() is really that it has an implicit race
>condition in it.  You check a file, and then you assume moments later that
>the same access is granted.  So, if the file is really a symlink, and
>someone changes where it points to between the access() and the open(), a
>completely different file might be affected.  This is the root of many of
>the holes that get posted here (xterm, /bin/mail come to mind).

The obvious correct coding is to open *first*, then check access, and
close it back up if you shouldn't have opened it.