Return to BSD News archive
Newsgroups: comp.os.386bsd.bugs Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!sgi!geezer.denver.sgi.com!rhyolite.wpd.sgi.com!calcite!vjs From: vjs@calcite.rhyolite.com (Vernon Schryver) Subject: Re: [NetBSD V0.9] Crontab Security Problem References: <MARK_WEAVER.93Dec18202545@localhost.cs.brown.edu> <CI9yvx.CIJ@puffin.uucp> <MARK_WEAVER.93Dec20031602@tonto-slip14.cis.brown.edu> Organization: Rhyolite Software Date: Mon, 20 Dec 1993 15:50:49 GMT Message-ID: <CICC0q.58M@calcite.rhyolite.com> Lines: 21 In article <MARK_WEAVER.93Dec20031602@tonto-slip14.cis.brown.edu> Mark_Weaver@brown.edu writes: >.... >Your patch creates a race condition. Consider the following scenario: > >touch myfile >(crontab -r myfile &);usleep 10;ln -sf /etc/master.passwd myfile > >If you adjust the usleep properly so that the ln happens between the >access call and the fopen call, then you've got the password file. >For this reason, access(2) is completely useless to enforce the >security of setuid root programs. That's a very good reason for not using access(2). What might be a slightly less interesting reason for the crontab command, except for diskless machines, is that access(2) dos not tell you about an NFS mounted file. What the client thinks the server woud do should the server actually be sent a read request is not always what the server does. Vernon Schryver vjs@rhyolite.com