Xref: utzoo comp.unix.programmer:979 alt.sources.d:1440
Path: utzoo!utgpu!cs.utexas.edu!sun-barr!lll-winken!elroy.jpl.nasa.gov!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.unix.programmer,alt.sources.d
Subject: Re: -x implementations
Message-ID: <11315@jpl-devvax.JPL.NASA.GOV>
Date: 5 Feb 91 19:35:13 GMT
References: <1943:Jan2619:34:3591@kramden.acf.nyu.edu> <2856@charon.cwi.nl> <8869@star.cs.vu.nl> <1991Jan29.153242.12335@convex.com> <8896@star.cs.vu.nl> <19017@rpp386.cactus.org> <6124@segue.segue.com> <8920@star.cs.vu.nl> <6128@segue.segue.com>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA
Lines: 11

The words "access()" and "security" should not be uttered in the same breath. Any system call that uses filenames to check permissions is insecure unless the operation you're checking permissions for is built into the same system call. Don't use stat() and then open(), for instance. You have no guarantee that the file you're opening is the same file that you stat'ed. Use open(), and then fstat() the descriptor, which is not subject to spoofing like filenames are. Don't close the file and then reopen it, either.

Larry Wall
lwall@jpl-devvax.jpl.nasa.gov
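
The open()-then-fstat() order recommended in the post, as an added C example that is not part of the original message. The names `open_checked` and `name_vs_descriptor`, the owner/mode policy, the `O_NOFOLLOW | O_NONBLOCK` flags and the temporary files are assumptions of this example; the rename stands in for any change to the name between the two calls.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open first, then check the descriptor. Returns an fd for a regular file
 * owned by `owner` and not group/world-writable (example policy), else -1. */
int open_checked(const char *path, uid_t owner, struct stat *out)
{
    /* O_NOFOLLOW: refuse a symlink as last component; O_NONBLOCK: never hang on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    struct stat st;
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    if (out) *out = st;
    return fd;   /* keep using this fd; do not close it and reopen by name */
}

/* Constructed demo: returns 1 when a stat() taken by name no longer describes
 * the file that a later open() of the same name returns. */
int name_vs_descriptor(void)
{
    char dir[] = "/tmp/fstat-demo-XXXXXX", a[64], b[64];
    struct stat by_name, by_fd;
    int fd, differs = -1;
    if (!mkdtemp(dir))
        return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    close(open(a, O_WRONLY | O_CREAT | O_EXCL, 0600));
    close(open(b, O_WRONLY | O_CREAT | O_EXCL, 0600));
    if (stat(a, &by_name) == 0 && rename(b, a) == 0 &&  /* name now means another file */
        (fd = open_checked(a, geteuid(), &by_fd)) >= 0) {
        differs = (by_name.st_ino != by_fd.st_ino);     /* the by-name result is stale */
        close(fd);
    }
    unlink(a); unlink(b); rmdir(dir);
    return differs;
}

int main(void) { return name_vs_descriptor() == 1 ? 0 : 1; }
```

The attributes in `by_fd` belong to the file the process actually holds open, so any permission decision should be made from them and all later I/O done through that same descriptor.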