On 23 Jul 2007, Ben Bacarisse outgrape:
> Nix <nix-razor-pit.RemoveThis@esperi.org.uk> writes:
>> (This is only for those rare cases when you want to append to the file
>> *as root* rather than, say, just swapping your extra privileges out and
>> doing the work with euid == uid. This is sometimes the case.)
>>
>> Is that clearer?
>
> Yes. I now do see the usage case you propose but I would still argue
> against using access in that case. In fact the argument seems to me
> to be stronger since the race (which is always there, of course)
> becomes more dangerous if you are setuid root (or, indeed, setuid
> anything though the risks are consequently lower). If you do:
>
> if (access("safefile", R_OK | W_OK) == 0 && (f = fopen("safefile", "a"))) {
> ...
> }
>
> you provide a window in which a malicious user can do
>
> rm safefile; ln /etc/passwd safefile

True. In general I'd say it's better to drop privs and use open(). I
suspect access() predates the days when Unix hackers had to worry much
about security...

> so I am still struggling to see when one would really advocate its use.

So am I, now. Dammit, now I have to rewrite some code I wrote last year.
