Bugtraq mailing list archives
Re: access(2)--a security hole?
From: scs () lokkur dexter mi us (Steve Simmons)
Date: Sat, 22 Oct 1994 18:04:17 -0400
In bugtraq various folks wrote:
The security hole in access() is really that it has an implicit race condition in it. You check a file, and then you assume moments later that the same access is granted. So, if the file is really a symlink, and someone changes where it points to between the access() and the open(), a completely different file might be affected. This is the root of many of the holes that get posted here (xterm, /bin/mail come to mind).
The obvious correct coding is to open *first*, then check access, and close it back up if you shouldn't have opened it.