[60] in bugtraq
Re: access(2)--a security hole?
daemon@ATHENA.MIT.EDU (Jeremy Epstein -C2 PROJECT)
Fri Oct 21 10:05:08 1994
From: jepstein@cordant.com (Jeremy Epstein -C2 PROJECT)
To: bugtraq@crimelab.com
Date: Fri, 21 Oct 1994 08:40:41 -0400 (EDT)
In-Reply-To: <941021060028.554029@DOCKMASTER.NCSC.MIL> from "JJEpstein@DOCKMASTER.NCSC.MIL" at Oct 21, 94 02:00:00 am
> the FreeBSD man page for access(2) includes a section titled "CAVEAT"
> which says that "Access() is a potential security hole and should never
> be used."
>
> i looked into libc source and access is a typical system call--no real
> source at all, just enough assembler wrapper to generate a system call
> with the correct arguments. the assembler is generated when libc is
> compiled through defines and other macros--real slick.
>
> the actual syscall is executed in /sys/kern/vfs_syscalls.c, but i cant
> see why this is a hole.
>
> can you enlighten me?
>
> jmb
>
> Jonathan M. Bresler jmb@kryten.atinc.com | Analysis & Technology, Inc.
> | 2341 Jeff Davis Hwy
> play go. | Arlington, VA 22202
> ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346
>
>