Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: access(2)--a security hole?

From: jmason () iona ie (Justin Mason)
Date: Fri, 21 Oct 1994 11:50:02 +0100

In your message of Thu, 20 Oct 1994 21:41:48 BST, you say:


the FreeBSD man page for access(2) includes a section titled "CAVEAT" 
which says that "Access() is a potential security hole and should never 
be used."


hmmm..... access(2) uses the REAL uid, not the EFFECTIVE uid when
testing permissions. The idea is that, when you write a setuid program,
you can check to see if the user has permission to access a file while
you have euid==root. Eg.

real uid = user
eff uid = root

The problem I found with using access is that it's actually easier
just to flip real and effective uids, test writability, open the file, etc.
then flip the uids back. If you use normal code, you only have to
worry about the effective uid; however, if you use access(), you have
to worry about both real and eff uid.

Actually, that's not really a security hole, just additional complexity.
Maybe access() on FreeBSD is a different matter. At least, the access
manpages on sunos and solaris don't mention any holes...

--j.
Previous By Date Next
Previous By Thread Next

Current thread: