Code to hide inaccessible files/directories

Bill Moran wmoran at iowna.com
Tue Apr 17 20:58:37 GMT 2001


>Race condition. If you use access() to test permissions - then perform
>some function as a result, there's a possibility for someone to change
>the permissions between those two actions. For example, you test
>access() to see if the user can open a file and find it OK to open, then
>a malicious user replaces the file with a links to passwd. You then have
>access to a file you shouldn't. Like I said, doesn't seem to apply in
>this use.
Well, with a network file system many strange things can happen ...

Still ... I can't see how it would do anything worse than show a file that 
the user really doesn't have access to, then deny access when they try to 
read the file. If you can think of a scenerio where it could be a problem, 
I'd like to hear it.

-Bill





More information about the samba mailing list