tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] Fix system() behaviour when parameter is NULL



On Thu, Aug 28, 2008 at 02:26:28PM -0400, Steven M. Bellovin wrote:
> Better wording of the warning might be something like
> 
>       Although access() checks the real uid's permissions, it should
>       never be used for access permission checks by setuid() programs.

Or maybe like:

        The file's permissions may change between the call to access(2)
        and any subsequent action performed based on the result.
        It should never be used for security checks by setuid() programs.

        David

-- 
David Laight: david%l8s.co.uk@localhost


Home | Main Index | Thread Index | Old Index