On Sat, 31 Mar 2001, Warner Losh wrote:

> In message <[EMAIL PROTECTED]> Bill Moran writes:
> : I'm a little confused here, if access() is such a serious security
> : problem that it should _never_ be used, do we now have a major problem
> : with a large amount of software in the base system?
>
> Access(2) can be raced.

Shouldn't the stat(2) manpage then also carry the same warning that
access(2) has (apparently dating back to 4.4BSD-Lite)?  ...or maybe
even a suggestion to use fstat(2) instead...

-Paul.

Index: stat.2
===================================================================
RCS file: /home/ncvs/src/lib/libc/sys/stat.2,v
retrieving revision 1.16.2.3
diff -u -r1.16.2.3 stat.2
--- stat.2      2000/12/08 13:49:32     1.16.2.3
+++ stat.2      2001/03/31 17:44:27
@@ -273,6 +273,10 @@
 .Fn fstat
 function calls are expected to conform to
 .St -p1003.1-90 .
+.Sh CAVEAT
+.Fn stat
+is a potential security hole and
+should never be used.
 .Sh HISTORY
 A
 .Fn stat
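Review bot: The added CAVEAT text ("is a potential security hole and should never be used.") gives no reason and no alternative, and it lands in a page that, per the context line ".Fn fstat" just above it, also documents fstat. State the hazard, namely that the object a path names can change between the stat call and a later use of the same path, and point readers to opening the file and calling fstat on the descriptor, as the accompanying message itself suggests. "Should never be used" is also broader than the problem, since not every stat call is followed by an operation on the same path; wording such as "should not be used to make decisions about a file that is subsequently opened by name" would be more precise.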



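The open-then-fstat(2) pattern suggested in the message above, next to the stat-then-open pattern it would replace, as an added example that is not part of the original post or of FreeBSD. The function names, the ownership check and the temp-directory fixture are assumptions made for illustration.

```c
/* Added example (not from the thread): check by path vs check by descriptor. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: the name can be re-pointed between stat() and open(). */
int open_racy(const char *path) {
    struct stat sb;
    if (stat(path, &sb) == -1 || !S_ISREG(sb.st_mode))
        return -1;
    return open(path, O_RDONLY);   /* may not be the object that was checked */
}

/* Open first, then fstat() the descriptor that is actually held. */
int open_checked(const char *path, uid_t owner) {
    struct stat sb;
    /* O_NOFOLLOW refuses a final-component symlink; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd == -1)
        return -1;
    if (fstat(fd, &sb) == -1 || !S_ISREG(sb.st_mode) || sb.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: a regular file plus a symlink to it in a temp dir.
   Bits: 1 file accepted, 2 link refused, 4 path check follows link, 8 wrong owner refused. */
int demo(void) {
    char dir[] = "/tmp/statdemoXXXXXX", file[64], lnk[64];
    int r = 0, fd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if ((fd = open(file, O_CREAT | O_WRONLY, 0600)) == -1) return -1;
    close(fd);
    if (symlink(file, lnk) == -1) return -1;
    if ((fd = open_checked(file, geteuid())) != -1) { r |= 1; close(fd); }
    if (open_checked(lnk, geteuid()) == -1) r |= 2;
    if ((fd = open_racy(lnk)) != -1) { r |= 4; close(fd); }
    if (open_checked(file, geteuid() + 1) == -1) r |= 8;
    unlink(lnk); unlink(file); rmdir(dir);
    return r;
}
int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

Every check in open_checked() is made on the descriptor, so replacing the path after open() cannot change what was checked.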