Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_4

Bugtraq archives for 4th quarter (Oct-Dec) 1994: Re: access(2)--a security hole?

Re: access(2)--a security hole?

Jeremy Epstein -C2 PROJECT (jepsteincordant.com)
Fri, 21 Oct 1994 08:40:41 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeremy Epstein -C2 PROJECT: "Re: access(2)--a security hole?"
Previous message: Justin Mason: "Re: access(2)--a security hole?"

> the FreeBSD man page for access(2) includes a section titled "CAVEAT" 
> which says that "Access() is a potential security hole and should never 
> be used."
> 
> i looked into libc source and access is a typical system call--no real 
> source at all, just enough assembler wrapper to generate a system call 
> with the correct arguments.  the assembler is generated when libc is 
> compiled through defines and other macros--real slick.
> 
> the actual syscall is executed in /sys/kern/vfs_syscalls.c, but i cant 
> see why this is a hole.
> 
> can you enlighten me?
> 
> jmb 
> 
> Jonathan M. Bresler  jmbkryten.atinc.com         | Analysis & Technology, Inc.  
>                                                             | 2341 Jeff Davis Hwy
> play go.                                          | Arlington, VA 22202
> ride bike. hack FreeBSD.--ah the good life        | 703-418-2800 x346
> 
>

Next message: Jeremy Epstein -C2 PROJECT: "Re: access(2)--a security hole?"
Previous message: Justin Mason: "Re: access(2)--a security hole?"