Bugtraq mailing list archives
Re: access(2)--a security hole?
From: jdd () cdf toronto edu (John DiMarco)
Date: Fri, 21 Oct 1994 18:24:43 -0400
In message <Pine.3.89.9410220146.A7679-0100000 () suburbia apana org au> Julian Assange writes:
Access(2)/(3) is inherently insecure because its argument is a file-name not a file descriptor, meaning it is vulnerable to race conditions, which mean that a link or file with different permissions could be implanted over the file that access passed.
It's probably worth mentioning that stat and lstat are no better than access in this regard. It's a general coding problem, not one specific to access.

The best way to avoid the race condition problem is to stat the file, open it, fstat the opened file descriptor, and compare the results of the two stats. If they're different (e.g. st_ino differs), somebody messed with the file between the first stat and the second.

As Julian points out, access doesn't have a file descriptor variant (i.e. there's no "faccess"), so you can't do the same trick with access. Note that it's not good enough to do an access, then open, then another access, because somebody could mess with the file between the first access and the open, and then put everything back the way it was between the open and the second access. It's a trickier race for the bad guy to win, but it's still possible.

Regards,

John
--
John DiMarco <jdd () cdf toronto edu>
Office: EA201B
Computing Disciplines Facility Systems Manager
Phone: 416-978-1928
University of Toronto
Fax: 416-978-1931
http://www.cdf.toronto.edu/personal/jdd/jdd.html
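The stat / open / fstat comparison described in the message above, as an added example that is not part of the original post. The names `open_same_file`, `race_window_hook` and `demo` are hypothetical, comparing `st_dev` alongside `st_ino` is an addition, and the hook simulates a file being swapped in between the two calls inside a constructed temporary directory.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical test hook: runs in the window between stat() and open(). */
static void (*race_window_hook)(void);

/* stat, open, fstat, compare. Returns an fd, or -1; errno is EAGAIN when
 * the descriptor could not be matched to the file that was examined. */
int open_same_file(const char *path, int flags)
{
    struct stat before, after;
    if (stat(path, &before) == -1) return -1;
    /* Ownership/permission policy checks on `before` belong here. */
    if (race_window_hook) race_window_hook();
    int fd = open(path, flags);
    if (fd == -1) return -1;
    if (fstat(fd, &after) == -1 ||
        before.st_ino != after.st_ino || before.st_dev != after.st_dev) {
        close(fd);
        errno = EAGAIN;
        return -1;
    }
    return fd;   /* from here on, use the fd, never the name */
}

static char dir[] = "/tmp/statopenXXXXXX", a[64], b[64];
static void swap_in_other_file(void) { rename(b, a); }

/* Constructed scenario: returns 1 if the undisturbed open succeeds and
 * the swapped one is rejected, 0 otherwise. */
int demo(void)
{
    if (!mkdtemp(dir)) return 0;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    close(open(a, O_CREAT | O_WRONLY, 0600));
    close(open(b, O_CREAT | O_WRONLY, 0600));
    int ok_fd = open_same_file(a, O_RDONLY);       /* no interference */
    race_window_hook = swap_in_other_file;
    int bad_fd = open_same_file(a, O_RDONLY);      /* name re-pointed */
    int caught = (bad_fd == -1 && errno == EAGAIN);
    if (ok_fd != -1) close(ok_fd);
    unlink(a); rmdir(dir);
    return ok_fd != -1 && caught;
}
int main(void) { return demo() ? 0 : 1; }
```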