Re: [Nano-devel] Checking permissions before opening file
From: Mike Frysinger
Subject: Re: [Nano-devel] Checking permissions before opening file
Date: Mon, 25 Jan 2016 17:12:53 -0500

On 25 Jan 2016 16:22, Robert Funnell wrote:
> On Mon, 25 Jan 2016, Rishabh Dave wrote:
> > Replaced stat() by access() - which is in unistd.h - to check accessibility
> > of path.
> >
> > However, this replacement doesn't affect the case 'src/nano
> > /root/.nano/yuhu'. (mentioned about it because it was the case under
> > consideration last time - bug #44950 thread).
>
> The man page for access() says it creates a security hole and its use
> should be avoided. I see a lot of discussions of the issue on the Web
> and a lot of people seem to agree that it's a bad idea.

the security hole from doing access();open(); is exactly the same as doing
stat();open();. it's a TOCTOU race, not a "access() itself is bad".

i would point out that access() does not handle symlinks, it can return
bad results when run as root (since many perm bits are ignored for the
super user), and can behave diff between Linux/BSD. it's not generally
as useful as people would like to think.

-mike
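
The check-then-open ordering discussed in this message, next to an open-then-check ordering, as an added example that is not part of the original post or of nano's code. All function names are hypothetical, and the `window` hook is a constructed stand-in for another process changing the path between the check and the open.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern from the thread: the check describes the path at one moment,
 * open() acts on it at a later one.  `window` is a hypothetical hook that
 * stands in for another process changing the path in between. */
int check_then_open(const char *path, void (*window)(const char *))
{
    struct stat st;
    if (access(path, R_OK) != 0 || stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (window)
        window(path);                 /* the time-of-check/time-of-use gap */
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Race-free ordering: let open() perform the permission check, then ask the
 * descriptor (not the path) what was actually opened. */
int open_then_check(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                    /* errno set by open(): EACCES, ENOENT, ... */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;               /* opened something other than a regular file */
        return -1;
    }
    return fd;
}

/* Constructed stand-in for the concurrent change: the file becomes a directory. */
void swap_for_dir(const char *path)
{
    unlink(path);
    mkdir(path, 0700);
}

/* Returns 1 if fd refers to a regular file, 0 otherwise. */
int fd_is_regular(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISREG(st.st_mode);
}
```

Because `open_then_check()` takes its answer from the kernel's own check at open time and from `fstat()` on the descriptor, its result does not depend on whether the caller is root or on what the path pointed to a moment earlier.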