Module Name: src
Committed By: jruoho
Date: Fri Apr 30 06:34:23 UTC 2010
Modified Files:
src/lib/libc/sys: access.2
Log Message:
Use a SECURITY CONSIDERATIONS instead of the BUGS section, and steal this
section from FreeBSD (with minor modifications).
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/lib/libc/sys/access.2
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/sys/access.2
diff -u src/lib/libc/sys/access.2:1.22 src/lib/libc/sys/access.2:1.23
--- src/lib/libc/sys/access.2:1.22 Thu Feb 2 05:13:57 2006
+++ src/lib/libc/sys/access.2 Fri Apr 30 06:34:23 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: access.2,v 1.22 2006/02/02 05:13:57 enami Exp $
+.\" $NetBSD: access.2,v 1.23 2010/04/30 06:34:23 jruoho Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -29,7 +29,7 @@
.\"
.\" @(#)access.2 8.2 (Berkeley) 4/1/94
.\"
-.Dd April 1, 1994
+.Dd April 30, 2010
.Dt ACCESS 2
.Os
.Sh NAME
@@ -132,7 +132,23 @@
.Fn access
function conforms to
.St -p1003.1-90 .
-.Sh BUGS
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn access
+system call is a potential security hole due to race conditions.
+It should never be used.
+Set-user-ID and set-group-ID applications should restore the
+effective user or group ID, and perform actions directly rather than use
+.Fn access
+to simulate access checks for the real user or group ID.
+The
+.Fn eaccess
+system call
+likewise may be subject to races if used inappropriately.
+.Pp
+The
.Fn access
-is a potential security hole and
-should never be used.
+system call may however have some value in providing clues to users as to
+whether certain operations make sense for a particular filesystem object.
+Arguably it also allows a cheaper file existence test than
+.Xr stat 2 .
