[74] in bugtraq


Re: access(2)--a security hole?

daemon@ATHENA.MIT.EDU (Steve Simmons)
Sat Oct 22 20:01:11 1994

Date: Sat, 22 Oct 1994 18:04:17 -0400
From: Steve Simmons <scs@lokkur.dexter.mi.us>
To: bugtraq@crimelab.com

In bugtraq various folks wrote:

>The security hole in access() is really that it has an implicit race
>condition in it.  You check a file, and then you assume moments later that
>the same access is granted.  So, if the file is really a symlink, and
>someone changes where it points to between the access() and the open(), a
>completely different file might be affected.  This is the root of many of
>the holes that get posted here (xterm, /bin/mail come to mind).

The obvious correct coding is to open *first*, then check access, and
close it back up if you shouldn't have opened it.
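
Added example, not part of the original post: a C rendering of the open-first approach described above, with the access()-then-open() sequence replaced by an fstat() check on the descriptor that was actually opened. The names open_for_user, may_read and demo, the /tmp path, and the simplified owner/group/other test are assumptions of the example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed simplification: mode bits only, no supplementary groups or ACLs. */
static int may_read(const struct stat *st, uid_t uid, gid_t gid)
{
    if (uid == 0) return 1;
    if (st->st_uid == uid) return (st->st_mode & S_IRUSR) != 0;
    if (st->st_gid == gid) return (st->st_mode & S_IRGRP) != 0;
    return (st->st_mode & S_IROTH) != 0;
}

/* Open first, then check the descriptor: the object checked is the object
 * opened, even if the name is re-pointed afterwards. */
int open_for_user(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY); /* never block on a FIFO or tty */
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || !may_read(&st, uid, gid)) {
        close(fd);          /* should not have opened it: close it back up */
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed demo: a mode-0600 temp file reached through a symlink.
 * Returns bit 0 if the owner got a descriptor, bit 1 if another uid did. */
int demo(void)
{
    char file[] = "/tmp/ofu-XXXXXX", lnk[64];
    int result = 0, fd = mkstemp(file);
    if (fd < 0) return -1;
    fchmod(fd, 0600); close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", file);
    if (symlink(file, lnk) != 0) { unlink(file); return -1; }
    if ((fd = open_for_user(lnk, getuid(), getgid())) >= 0) { result |= 1; close(fd); }
    if ((fd = open_for_user(lnk, getuid() + 1, getgid() + 1)) >= 0) { result |= 2; close(fd); }
    unlink(lnk); unlink(file);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

The descriptor check covers only the file's own mode bits; search permission on the directories along the path is not examined, so a privileged caller still needs to account for that separately.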
