Path: utzoo!mnetor!uunet!lll-winken!lll-tis!mordor!sri-spam!sri-unix!quintus!ok
From: ok@quintus.UUCP (Richard A. O'Keefe)
Newsgroups: comp.unix.wizards
Subject: access(2) (was: Writing to A NON-Existing File in "C")
Message-ID: <887@cresswell.quintus.UUCP>
Date: 20 Apr 88 02:34:20 GMT
References: <9654@jplgodo.UUCP> <14020030@hpisod2.HP.COM>
Organization: Quintus Computer Systems, Mountain View, CA
Lines: 19

In article <14020030@hpisod2.HP.COM>, decot@hpisod2.HP.COM (Dave Decot) writes:
> access(2) should not be used to determine the other access permissions
> except in setuid programs, and even then, not for testing execute
> access by setuid-root programs.

If a program which is never intended to run setuid ensures that it
is not being run setuid or setgid by doing

	my_uid = getuid();
	my_gid = getgid();
	if (geteuid() != my_uid || getegid() != my_gid) {
	    fprintf(stderr, "%s: must not run setuid or setgid", programname);
	    exit(1);
	}

where is the harm in subsequently using access(2) to test for permission
to read or write a file?

Is there any legitimate reason why someone might take a program which
was not originally designed to run setuid or setgid and do chmod u+s
or chmod g+s to it?
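
The guard discussed above, as an added example that is not part of the original post: access(2) tests the real IDs while open(2) uses the effective IDs, so once the two are known to match, both calls are answered for the same credentials. The helper names and the /tmp scratch file are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if real and effective IDs differ, i.e. the process runs setuid/setgid. */
int runs_setid(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* What access(2) predicts for mode (R_OK or W_OK); it checks the REAL ids. */
int access_says_ok(const char *path, int mode)
{
    return access(path, mode) == 0;
}

/* What open(2) actually permits; it checks the EFFECTIVE ids. */
int open_says_ok(const char *path, int mode)
{
    int fd = open(path, mode == W_OK ? O_WRONLY : O_RDONLY);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Create a scratch file from a mkstemp(3) template and set its permission
   bits. Constructed sample input; returns 0 on success. */
int make_sample(char *tmpl, mode_t perms)
{
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    close(fd);
    return chmod(tmpl, perms);
}

int main(int argc, char **argv)
{
    char path[] = "/tmp/access_demo_XXXXXX";   /* constructed path */
    (void)argc;
    if (runs_setid()) {                         /* the guard from the post */
        fprintf(stderr, "%s: must not run setuid or setgid\n", argv[0]);
        return 1;
    }
    if (make_sample(path, 0400) != 0)
        return 1;
    printf("W_OK on mode 0400: access=%d open=%d\n",
           access_says_ok(path, W_OK), open_says_ok(path, W_OK));
    return unlink(path) != 0;
}
```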