Path: utzoo!mnetor!uunet!vsi!friedl
From: friedl@vsi.UUCP (Stephen J. Friedl)
Newsgroups: comp.bugs.sys5
Subject: Re: A security hole
Message-ID: <378@vsi.UUCP>
Date: 10 Mar 88 07:51:55 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP>
Organization: V-Systems -- Santa Ana, CA
Lines: 18
Summary: only use access(2) if you *really* understand it

In article <722@rivm05.UUCP>, ccement@rivm.UUCP (Martien F v Steenbergen) writes:
> Second, when you really need a setuid program you'll have to check a lot
> of permissions etc. yourself. One system call was created to help you with
> access permissions: access(2). access(2) uses the real user IDs instead
> of the effective user IDs when checking access permissions. (Remember that
> a setuid program only changes the effective user ID of the calling process.)

comp.unix.wizards has had several recent postings on access(2).
Many people use access(2) incorrectly and it causes no end of
difficulty for those writing restricted setuid or setgid systems.
Send me a note if you want a copy of my near-flame on this with
info on how *not* to use it.

     Steve

-- 
Life : Stephen J. Friedl @ V-Systems, Inc./Santa Ana, CA   *Hi Mom*
CSNet: friedl%vsi.uucp@kent.edu  ARPA: friedl%vsi.uucp@uunet.uu.net
uucp : {kentvax, uunet, attmail, ihnp4!amdcad!uport}!vsi!friedl
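
An added example, not part of the original post or of any code from the thread: the quoted point that access(2) checks the real rather than the effective IDs, shown in C beside a hypothetical helper `open_as_real_user` that has open(2) itself perform the check under the real IDs. It assumes POSIX seteuid/setegid with saved IDs. The post does not say which misuse it means; the separate check-then-open sequence is the assumption here.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* access(2) answers for the REAL uid/gid, and only for the path as it is
 * at the moment of the call; it hands back no descriptor. */
int real_user_may_read(const char *path)
{
    return access(path, R_OK) == 0;
}

/* Hypothetical helper: open path read-only with the real user's rights.
 * The effective IDs are switched to the real IDs around open(2), so the
 * kernel's permission check and the returned descriptor refer to the
 * same object. Returns a descriptor, or -1 on any failure. */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd;
    /* Group first: once the euid is unprivileged, setegid may be refused. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        (void)setegid(saved_egid);
        return -1;
    }
    fd = open(path, O_RDONLY);
    /* Regain the saved IDs, user first; a failure here fails the open. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/";   /* constructed default */
    int fd = open_as_real_user(path);
    printf("access says %d, open as real user %s\n",
           real_user_may_read(path), fd >= 0 ? "succeeded" : "failed");
    if (fd >= 0) close(fd);
    return 0;
}
```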