On Mon, Dec 08, 2003 at 12:02:07PM -0500, Thor Lancelot Simon wrote:
> The one gotcha is that when using a gross hack like we do
> for AUTH_UNIX, one needs to be careful not to allow _more_ rights than
> were allowed at open() time, lest one create a security problem that can
> be exploited by opening a file the owner doesn't have write permission
> to, for example, then using that descriptor to write it after the open.

The checks for that are all in the layers above, so that isn't a problem.

- Frank

-- 
Frank van der Linden                                            fvdl@netbsd.org
===============================================================================
NetBSD. Free, Unix-like OS. > 45 different platforms.    http://www.netbsd.org/