Code to hide inaccessible files/directories
wmoran at iowna.com
Tue Apr 17 20:58:37 GMT 2001
>Race condition. If you use access() to test permissions - then perform
>some function as a result, there's a possibility for someone to change
>the permissions between those two actions. For example, you test
>access() to see if the user can open a file and find it OK to open, then
>a malicious user replaces the file with a links to passwd. You then have
>access to a file you shouldn't. Like I said, doesn't seem to apply in
Well, with a network file system many strange things can happen ...
Still ... I can't see how it would do anything worse than show a file that
the user really doesn't have access to, then deny access when they try to
read the file. If you can think of a scenerio where it could be a problem,
I'd like to hear it.
More information about the samba-technical