Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_4

Bugtraq archives for 4th quarter (Oct-Dec) 1994: Re: access(2)--a security hole?

Re: access(2)--a security hole?

Steve Simmons (scslokkur.dexter.mi.us)
Sat, 22 Oct 1994 18:04:17 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kayvan Sylvan: "Re: access(2)--a security hole?"
Previous message: yogomath.tau.ac.il: "Re: R utilities, addresses, etc."
Maybe in reply to: Jonathan M. Bresler: "access(2)--a security hole?"
Next in thread: Kayvan Sylvan: "Re: access(2)--a security hole?"

In bugtraq various folks wrote:

>The security hole in access() is really that it has an implicit race
>condition in it.  You check a file, and then you assume moments later that
>the same access is granted.  So, if the file is a really a symlink, and
>someone changes where it points to between the access() and the open(), a
>completely different file might be affected.  This is the root of many of
>the holes that get posted here (xterm, /bin/mail come to mind).

The obvious correct coding is to open *first*, then check access, and
close it back up if you shouldn't have opened it.

Next message: Kayvan Sylvan: "Re: access(2)--a security hole?"
Previous message: yogomath.tau.ac.il: "Re: R utilities, addresses, etc."
Maybe in reply to: Jonathan M. Bresler: "access(2)--a security hole?"
Next in thread: Kayvan Sylvan: "Re: access(2)--a security hole?"