Code to hide inaccessible files/directories

Simo Sorce idra at samba.org
Tue Apr 17 11:59:20 GMT 2001


Just as a reminder, access (under linux) uses the real uid for testing not effective uid.
As most of teh code now (HEAD) runs with real uid 0 and effective = users uid access will never fail (eg access will be ever granted)

Don't know how it applies to 2.0.7 codebase

On Tue, Apr 17, 2001 at 07:27:23AM -0400, Bill Moran wrote:
> "Ph. Marek" wrote:
> 
> > How about a getcwd(), chdir() to the directory, loop, and chdir() back?
> > Thus one can avoid the pasting of filenames together. And getcwd() at least
> > allows to check if a larger buffer is needed. (if the current directory of
> > samba is normally /, this can even be avoided - simple do chdir(), loop,
> > chdir(/)).
> 
> Could be done. access() needs a full pathname, though (I believe) so it
> would require a different test for rights.
> 
> > >3. The access() command is considered "a security hole that should never
> > >be used" by the BSD documentation. However, I can not see how access()
> > >is a security concern _in this particular implementation_, and nobody
> > >has been able to give me an example of how it could be. If using
> > >access() makes you nervious, you could replace it with open()-with a
> > >test for success. I didn't want to do this because of the potential
> > >performance hit. Also, I don't know whether or not access() is portable
> > >to other systems (such as Linux)
> > I don't know about this security hole. Do you have some documentation
> > about it?
> 
> Race condition. If you use access() to test permissions - then perform
> some function as a result, there's a possibility for someone to change
> the permissions between those two actions. For example, you test
> access() to see if the user can open a file and find it OK to open, then
> a malicious user replaces the file with a links to passwd. You then have
> access to a file you shouldn't. Like I said, doesn't seem to apply in
> this use.
> 
> > Thanks very much, Bill!
> > 
> > I'll try to test that.
> 
> Let me know if you hit any snags.
> 
> -Bill
> 

-- 
Simo Sorce
------------------------------
 Unix IS user friendly, it is just selective about who his friends are.




More information about the samba-technical mailing list