A security hole

Stephen J. Friedl friedl at vsi.UUCP
Thu Mar 10 17:51:55 AEST 1988


In article <722 at rivm05.UUCP>, ccement at rivm.UUCP (Martien F v Steenbergen) writes:
> Second, when you really need a setuid program you'll have to check a lot
> of permissions etc. yourself. One system call was created to help you with
> access permissions: access(2). access(2) uses the real user IDs instead
> of the effective user IDs when checking access permissions. (Remember that
> a setuid program only changes the effective user ID of the calling process.)

comp.unix.wizards has had several recent postings on access(2).
Many people use access(2) incorrectly and it causes no end of
difficulty for those writing restricted setuid or setgid systems.
Send me a note if you want a copy of my near-flame on this with
info on how *not* to use it.

     Steve
-- 
Life : Stephen J. Friedl @ V-Systems, Inc./Santa Ana, CA   *Hi Mom*
CSNet: friedl%vsi.uucp at kent.edu  ARPA: friedl%vsi.uucp at uunet.uu.net
uucp : {kentvax, uunet, attmail, ihnp4!amdcad!uport}!vsi!friedl
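
As an added illustration (not part of the post, and not the write-up Steve offers to send): the quoted point that access(2) judges by the real IDs, shown in C beside one widely used alternative, doing the open() itself under the real IDs. The function names are hypothetical, and a POSIX system with saved set-user-IDs is assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Check-then-open: access() answers for the REAL uid/gid, but open() is a
 * separate call made with the EFFECTIVE ids, so the path can come to name
 * a different file in between and the earlier answer no longer applies. */
int open_checked_with_access(const char *path)
{
    if (access(path, R_OK) != 0)
        return -1;
    return open(path, O_RDONLY);
}

/* Alternative (hypothetical helper): make the effective ids equal the real
 * ids for the duration of open(), so the kernel's own permission check is
 * the only check and there is no gap between check and use. */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    if (setegid(getgid()) != 0)          /* group first, while still allowed */
        return -1;
    if (seteuid(getuid()) != 0) {
        if (setegid(saved_egid) != 0) abort();
        return -1;
    }
    fd = open(path, O_RDONLY);
    saved_errno = errno;
    /* Regain the saved ids; continuing in an unknown state is not safe. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/etc/passwd";
    int fd = open_as_real_user(path);
    printf("%s: %s\n", path, fd >= 0 ? "opened as real user" : "refused");
    return fd >= 0 ? 0 : 1;
}
```

Run without setuid, both functions behave the same because real and effective IDs are equal; the difference appears only when the binary is installed setuid or setgid.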


