Return to BSD News archive
Newsgroups: comp.os.386bsd.bugs Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!elroy.jpl.nasa.gov!usc!cs.utexas.edu!uunet!emba-news.uvm.edu!aix3.emba.uvm.edu!wollman From: wollman@aix3.emba.uvm.edu (Garrett Wollman) Subject: Re: [NetBSD V0.9] Crontab Security Problem Message-ID: <1993Dec20.144445.22423@emba.uvm.edu> Sender: news@emba.uvm.edu Organization: University of Vermont, EMBA Computer Facility References: <9312171222.AA01518@fee.unicamp.br> <CI76zM.7qw@Colorado.EDU> <MARK_WEAVER.93Dec18202545@localhost.cs.brown.edu> <CI9yvx.CIJ@puffin.uucp> Date: Mon, 20 Dec 1993 14:44:45 GMT Lines: 19 In article <CI9yvx.CIJ@puffin.uucp>, Pete Carah <pete@puffin.uucp> wrote: >access(2) uses the REuid for checks; it was meant for exactly this use. >We don't have to check errno for permissions; it doesn't matter why >access(2) fails. And, as I pointed out on a FreeBSD mailing list, using access() for anything of the sort is almost always incorrect because of the race condition that it introduces. (This is the exact same race condition which made set-id shell scripts insecure in the original 4.2 implementation.) -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@emba.uvm.edu | Shashish is the bonding of hearts in spite of distance. uvm-gen!wollman | It is a bond more powerful than absence. We like people UVM disagrees. | who like Shashish. - Claude McKenzie + Florent Vollant