Re: access(2)--a security hole?
Howie Kaye (howie@columbia.edu)
Fri, 21 Oct 94 11:03:14 EDT
- Next message: Karl Strickland: "Re: access(2)--a security hole?"
- Previous message: Julian Assange: "Re: access(2)--a security hole?"
- Next in thread: John DiMarco: "Re: access(2)--a security hole?"
The security hole in access() is really that it has an implicit race condition in it. You check a file, and then you assume moments later that the same access is granted. So, if the file is really a symlink, and someone changes where it points to between the access() and the open(), a completely different file might be affected. This is the root of many of the holes that get posted here (xterm, /bin/mail come to mind).

------------------------------------------------------------
Howie Kaye              howie@columbia.edu
Columbia University     hlkcu@cuvma.bitnet
UNIX Systems Group      ...!rutgers!columbia!howie
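
The check-then-use gap described in the message above, next to one common way to close it, as an added example that is not part of the original post. The function names are hypothetical, and the hardened version assumes a set-uid program on a system that provides seteuid() and O_NOFOLLOW.

```c
#define _GNU_SOURCE            /* seteuid(), O_NOFOLLOW on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the path is resolved twice, by access() and then by
 * open(), and may name a different file the second time. */
int open_checked_racy(const char *path)
{
    if (access(path, R_OK) != 0)     /* check, with the real uid */
        return -1;
    /* window: a symlink at `path` can be re-pointed here */
    return open(path, O_RDONLY);     /* use, with the effective uid */
}

/* Hardened form for a set-uid program: open with the invoking user's
 * identity so the kernel checks permission as part of the open itself,
 * then inspect the opened object through the descriptor, not the path.
 * O_NOFOLLOW only refuses a symlink in the final path component. */
int open_as_real_user(const char *path)
{
    uid_t saved = geteuid();
    struct stat st;
    int fd, err;

    if (seteuid(getuid()) != 0)      /* drop to the real uid */
        return -1;
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    err = errno;
    if (seteuid(saved) != 0)         /* could not restore: stop */
        abort();
    if (fd < 0) {
        errno = err;
        return -1;
    }
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);                   /* FIFO, device, directory... */
        errno = EACCES;
        return -1;
    }
    return fd;
}
```

Every later decision about the file should go through the returned descriptor (fstat, fchmod, fchown) rather than back through the path name.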