Code to hide inaccessible files/directories

Ph. Marek marek at bmlv.gv.at
Tue Apr 17 12:40:46 GMT 2001


>Could be done. access() needs a full pathname, though (I believe) so it
>would require a different test for rights.
AFAIK a relative path is enough.

>Race condition. If you use access() to test permissions - then perform
>some function as a result, there's a possibility for someone to change
>the permissions between those two actions. For example, you test
>access() to see if the user can open a file and find it OK to open, then
>a malicious user replaces the file with a links to passwd. You then have
>access to a file you shouldn't. Like I said, doesn't seem to apply in
>this use.
Well, with a network file system many strange things can happen ...

Regards,

Phil





More information about the samba-technical mailing list