Bugtraq mailing list archives
access(2)--a security hole?
From: jmb () kryten Atinc COM (Jonathan M. Bresler)
Date: Thu, 20 Oct 1994 21:41:48 -0400 (EDT)
the FreeBSD man page for access(2) includes a section titled "CAVEAT"
which says that "Access() is a potential security hole and should never
be used."
i looked into libc source and access is a typical system call--no real
source at all, just enough assembler wrapper to generate a system call
with the correct arguments. the assembler is generated when libc is
compiled through defines and other macros--real slick.
the actual syscall is executed in /sys/kern/vfs_syscalls.c, but i cant
see why this is a hole.
can you enlighten me?
jmb
Jonathan M. Bresler jmb () kryten atinc com | Analysis & Technology, Inc.
| 2341 Jeff Davis Hwy
play go. | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346
Current thread:
- Re: Internet Worm, (continued)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
- Re: Internet Worm F. L. Charles Seeger III (Oct 20)
- Re: Internet Worm smb () research att com (Oct 19)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: R utilities, addresses, etc. Alexander L. Haiut (Oct 20)
- Re: R utilities, addresses, etc. Charles Howes (Oct 21)
- Fingerd Summary Adam Shostack (Oct 20)
- Re: Fingerd Summary Stephen Gildea (Oct 21)
- Re: Fingerd Summary Adam Shostack (Oct 21)
- Re: Fingerd Summary KevinTX (Oct 21)
- R utilities, addresses, etc. Charles Howes (Oct 20)
- Re: Internet Worm jim () Tadpole COM (Oct 19)
- access(2)--a security hole? Jonathan M. Bresler (Oct 20)
- Re: access(2)--a security hole? Justin Mason (Oct 21)
- Re: access(2)--a security hole? Dave Goldberg (Oct 21)
- Re: access(2)--a security hole? Karl Strickland (Oct 21)
- Re: access(2)--a security hole? Julian Assange (Oct 21)
- Re: access(2)--a security hole? John DiMarco (Oct 21)
- Re: access(2)--a security hole? jmc () gnu ai mit edu (Oct 21)
- adjunct *Hobbit* (Oct 20)