Bugtraq mailing list archives

Re: access(2)--a security hole?


From: scs () lokkur dexter mi us (Steve Simmons)
Date: Sat, 22 Oct 1994 18:04:17 -0400


In bugtraq various folks wrote:

The security hole in access() is really that it has an implicit race
condition in it.  You check a file, and then you assume moments later that
the same access is granted.  So, if the file is really a symlink, and
someone changes where it points to between the access() and the open(), a
completely different file might be affected.  This is the root of many of
the holes that get posted here (xterm, /bin/mail come to mind).

The obvious correct coding is to open *first*, then check access, and
close it back up if you shouldn't have opened it.


