Re: access(2)--a security hole?

[jmc () gnu ai mit edu (jmc () gnu ai mit edu)]

> the FreeBSD man page for access(2) includes a section titled "CAVEAT" 
> which says that "Access() is a potential security hole and should never 
> be used."
>
> i looked into libc source and access is a typical system call--no real 
> source at all, just enough assembler wrapper to generate a system call 
> with the correct arguments.  the assembler is generated when libc is 
> compiled through defines and other macros--real slick.
>
> the actual syscall is executed in /sys/kern/vfs_syscalls.c, but i cant 
> see why this is a hole.
>
> can you enlighten me?

access(2) is a security hole because the information it returns you is what
was true, not was is currently true. This has bitten a lot of programs
xterm being one that comes to mind. BAsically using access to check file
perms of any sort is just asking for trouble since between the time access
returns and the next line of your code, those permissions and/or the file
itself may have changed.

Basically, access should never be used in any setuid program for any purpose
really. As a matter of fact, I'm not real fond of it for any use since
it's unreliable at best and leads people to beleive something is true now
that was only true once for a possible short period of time.

James