Code to hide inaccessible files/directories

Bill Moran wmoran at iowna.com
Tue Apr 17 11:27:23 GMT 2001


"Ph. Marek" wrote:

> How about a getcwd(), chdir() to the directory, loop, and chdir() back?
> Thus one can avoid the pasting of filenames together. And getcwd() at least
> allows checking whether a larger buffer is needed. (If the current directory of
> samba is normally /, this can even be avoided - simply do chdir(), loop,
> chdir(/)).

Could be done. access() needs a full pathname, though (I believe) so it
would require a different test for rights.

> >3. The access() command is considered "a security hole that should never
> >be used" by the BSD documentation. However, I can not see how access()
> >is a security concern _in this particular implementation_, and nobody
> >has been able to give me an example of how it could be. If using
> >access() makes you nervous, you could replace it with open() with a
> >test for success. I didn't want to do this because of the potential
> >performance hit. Also, I don't know whether or not access() is portable
> >to other systems (such as Linux)
> I don't know about this security hole. Do you have some documentation
> about it?

Race condition. If you use access() to test permissions - then perform
some function as a result, there's a possibility for someone to change
the permissions between those two actions. For example, you test
access() to see if the user can open a file and find it OK to open, then
a malicious user replaces the file with a link to passwd. You then have
access to a file you shouldn't. Like I said, doesn't seem to apply in
this use.

> Thanks very much, Bill!
> 
> I'll try to test that.

Let me know if you hit any snags.

-Bill
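The check-then-act window Bill describes, as an added example that is not part of the original thread or of Samba's code. The fixture directory, the "victim" and "secret" files, and the `between` hook (which stands in for the attacker's move between the two syscalls) are all constructed here for illustration. The hardened variant swaps access() for open() with O_NOFOLLOW followed by fstat() on the descriptor, which is not something the thread proposes; it is shown as the usual fix for this class of race.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write content to path (created 0600); return 0 on success. */
static int write_file(const char *path, const char *content) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, content, strlen(content));
    close(fd);
    return n == (ssize_t)strlen(content) ? 0 : -1;
}

/* The racy pattern: access() on the name, then open() on the name.
 * `between` is a hypothetical hook standing in for whatever happens in the
 * window between the two syscalls; in real life that is an attacker racing
 * the checker. */
int racy_open(const char *path, void (*between)(void *), void *arg) {
    if (access(path, R_OK) != 0)
        return -1;                       /* check passes on the original file */
    if (between) between(arg);           /* attacker retargets the name here */
    return open(path, O_RDONLY);         /* opens whatever the name points to now */
}

/* The hardened pattern: open without following symlinks, then inspect the
 * object actually opened through its descriptor. There is no window: what
 * fstat() reports on is exactly what the returned fd refers to. */
int safe_open(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                       /* errno == ELOOP when path is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

struct swap { const char *path; const char *target; };

/* The attacker's move: replace the checked name with a link to another file. */
static void retarget(void *arg) {
    struct swap *s = arg;
    unlink(s->path);
    symlink(s->target, s->path);
}

/* Constructed fixture: a temp dir holding "victim" and "secret"; 0 on success. */
static int make_fixture(char *dir, size_t dirlen, char *victim, char *secret, size_t plen) {
    snprintf(dir, dirlen, "%s", "/tmp/toctou-XXXXXX");
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, plen, "%s/victim", dir);
    snprintf(secret, plen, "%s/secret", dir);
    if (write_file(victim, "victim") || write_file(secret, "secret")) return -1;
    return 0;
}

static void drop_fixture(const char *dir, const char *victim, const char *secret) {
    unlink(victim); unlink(secret); rmdir(dir);
}

/* Returns 1 if the racy sequence ends up reading "secret" even though the
 * access() check was made against "victim". */
int racy_open_reads_secret(void) {
    char dir[64], victim[128], secret[128], buf[16] = {0};
    if (make_fixture(dir, sizeof dir, victim, secret, sizeof victim)) return -1;
    struct swap s = { victim, secret };
    int fd = racy_open(victim, retarget, &s);
    int result = 0;
    if (fd >= 0) {
        ssize_t n = read(fd, buf, sizeof buf - 1);
        close(fd);
        result = (n > 0 && strcmp(buf, "secret") == 0);
    }
    drop_fixture(dir, victim, secret);
    return result;
}

/* Returns 1 if safe_open() refuses the name once it has become a symlink. */
int safe_open_refuses_symlink(void) {
    char dir[64], victim[128], secret[128];
    if (make_fixture(dir, sizeof dir, victim, secret, sizeof victim)) return -1;
    struct swap s = { victim, secret };
    retarget(&s);                        /* the swap has already happened */
    int fd = safe_open(victim);
    int refused = (fd < 0 && errno == ELOOP);
    if (fd >= 0) close(fd);
    drop_fixture(dir, victim, secret);
    return refused;
}
```

The point of the hook is only to make the window deterministic; a real attacker gets the same effect by looping on rename() or symlink() against the checked name while the checker runs. Whether the window matters in a given program depends on whether anyone else can write to the directory being walked, which is the question Bill raises about this particular use.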




More information about the samba-technical mailing list