nano-devel

Re: [Nano-devel] Checking permissions before opening file


From: Rishabh Dave
Subject: Re: [Nano-devel] Checking permissions before opening file
Date: Tue, 26 Jan 2016 14:00:42 +0530

Well, I don't know much about issues of security, portability or while running as superuser, but symbolic links won't give a problem as we check for that before using access() -

+    } else if (!S_ISDIR(parentinfo.st_mode)) {
+    statusbar(_("Path '%s' is not a directory"), parentdir);
+    beep();
+    } else {
+    if (access(parentdir, X_OK) != -1)
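
Review bot: the `access(parentdir, X_OK)` test on the last line checks the directory by name in a step separate from the call that later opens the file, so its answer can be stale by the time it is used, and access() evaluates permissions against the real user ID rather than the effective one. Treat the result only as a hint for the status-bar message, and still handle failure of the open itself by reporting its errno, so the editor behaves correctly when the two disagree.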


On Tue, Jan 26, 2016 at 3:42 AM, Mike Frysinger <address@hidden> wrote:
On 25 Jan 2016 16:22, Robert Funnell wrote:
> On Mon, 25 Jan 2016, Rishabh Dave wrote:
> > Replaced stat() by access() - which is in unistd.h - to check accessibility
> > of path.
> >
> > However, this replacement doesn't affect the case 'src/nano
> > /root/.nano/yuhu'. (mentioned about it because it was the case under
> > consideration last time -  bug #44950 thread).
>
> The man page for access() says it creates a security hole and its use
> should be avoided. I see a lot of discussions of the issue on the Web
> and a lot of people seem to agree that it's a bad idea.

the security hole from doing access();open(); is exactly the same as doing
stat();open();.  it's a TOCTOU race, not a "access() itself is bad".

i would point out that access() does not handle symlinks, it can return
bad results when run as root (since many perm bits are ignored for the
super user), and can behave diff between Linux/BSD.  it's not generally
as useful as people would like to think.
-mike
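
The point made above is that the hole is the gap between the check and the open(), whichever check is used. One way to close it is to skip the separate check and let open() and openat() report the error. This is an added example, not code from nano or from this thread; `open_in_dir` and the scratch paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not nano code): open `name` inside `dir` with no
 * separate access()/stat() step. Returns an fd, or -errno on failure. */
int open_in_dir(const char *dir, const char *name, int flags)
{
    /* O_DIRECTORY: the kernel itself rejects a non-directory (ENOTDIR). */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0)
        return -errno;

    /* Resolved relative to dfd, so swapping `dir` after this point has no
     * effect. O_NOFOLLOW refuses a symlink as the last component; drop it
     * if links should be followed. */
    int fd = openat(dfd, name, flags | O_NOFOLLOW | O_CLOEXEC, 0600);
    int saved = errno;
    close(dfd);
    return fd < 0 ? -saved : fd;
}

/* Runs the helper against a constructed scratch directory. */
int main(void)
{
    char dir[] = "/tmp/open-in-dir-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return 1;

    int fd = open_in_dir(dir, "note.txt", O_WRONLY | O_CREAT | O_EXCL);
    printf("create in directory: %s\n", fd >= 0 ? "ok" : strerror(-fd));
    if (fd >= 0)
        close(fd);

    char file[64];
    snprintf(file, sizeof file, "%s/note.txt", dir);
    int r = open_in_dir(file, "x", O_RDONLY);    /* parent is a regular file */
    printf("parent is a regular file: %s\n", strerror(-r));

    r = open_in_dir(dir, "missing", O_RDONLY);   /* no such entry */
    printf("missing entry: %s\n", strerror(-r));

    unlink(file);
    rmdir(dir);
    return 0;
}
```

The negative return value is the errno of the call that actually failed, which is what a status-bar message would report in place of a pre-check result.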

