access(2)--a security hole?
Jonathan M. Bresler (jmbkryten.Atinc.COM)
Thu, 20 Oct 1994 21:41:48 -0400 (EDT)

the FreeBSD man page for access(2) includes a section titled "CAVEAT" which says that "Access() is a potential security hole and should never be used."

i looked into libc source and access is a typical system call--no real source at all, just enough assembler wrapper to generate a system call with the correct arguments. the assembler is generated when libc is compiled through defines and other macros--real slick.

the actual syscall is executed in /sys/kern/vfs_syscalls.c, but i can't see why this is a hole. can you enlighten me?

jmb

Jonathan M. Bresler jmbkryten.atinc.com | Analysis & Technology, Inc.
| 2341 Jeff Davis Hwy
play go. | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346
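
The caveat quoted in the post is usually explained not by the syscall's implementation but by how privileged programs use it: access() checks a path, a later open() resolves the same path again, and the name can change in between. The C below is an added illustration, not part of the original message or the FreeBSD source; the function names open_checked_racy and open_as_real_user are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>

/* 'Before' form: access() checks the path against the real uid/gid, then
 * open() looks the same name up again with the effective uid. The name can
 * be re-pointed between the two calls, so the check says nothing about the
 * file that open() finally returns. */
int open_checked_racy(const char *path)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, O_RDONLY);    /* second, independent path lookup */
}

/* Hardened form: no separate check. Switch the effective ids to the real
 * ids, let the kernel enforce permissions inside open() itself (a single
 * lookup), then restore the saved ids. */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Group first: once euid is dropped we may not be allowed to change it. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        saved_errno = errno;
        setegid(saved_egid);
        errno = saved_errno;
        return -1;
    }

    fd = open(path, O_RDONLY);
    saved_errno = errno;

    /* Restore uid before gid; if either fails, hand back no descriptor. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}
```

In a program that is not setuid or setgid the two functions behave the same, because real and effective ids already match; the difference matters only when they differ.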