* Bill Moran <[EMAIL PROTECTED]> [010331 09:28] wrote:
> Rick Bradley wrote:
> >
> > * Bill Moran ([EMAIL PROTECTED]) [010331 10:48]:
> > [...]
> > > Does anyone have a pointer to more detailed information on the potential
> > > security hole in access()? I've got a bit more research to do on this,
> > > but I'd appreciate any pointers to speed me along.
> >
> > I'd say they docs are referring to the potential race condition:
> >
> > - Program calls access() to see if user has authority to open
> > a file and gets an affirmative result
> > - User swaps file with another file (say a link to the password
> > file)
> > - Program calls open() on the file, which has been replaced since
> > the call to access()
> >
> > If the program is running with more privileges than the user this
> > is a truck-sized hole (or at least SUV-sized).
>
> Ahhh ... I'd call that an aircraft-carrier sized hole. I hadn't even
> considered that possibility.
> The good news, however, is that it doesn't present any security concerns
> in the context I'll be using - since the program runs as the local user.
Yeah... ok
What if it happens to belong to another user that has set the required
permissions on it (world accessability) then swaps it with a symlink
to the running user's sensative files?
Just wondering..
--
-Alfred Perlstein - [[EMAIL PROTECTED]|[EMAIL PROTECTED]]
Represent yourself, show up at BABUG http://www.babug.org/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
