Re: [PATCH] fcntl.h: define AT_EACCESS

From: David Wagner
Date: Mon Apr 19 2010 - 18:28:59 EST

Next message: Chase Douglas: "Re: [PATCH 3/3] Stop tracing on a schedule bug"
Previous message: Dinh . Nguyen: "[PATCHv5 2.6.34-rc4 3/5] mx5: Enable board specific functions for enabling USB host on Babbage"
In reply to: H. Peter Anvin: "Re: [PATCH] fcntl.h: define AT_EACCESS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Can you share some justification why it's worth extending
faccessat() with new options?

Isn't faccessat() insecure in most use cases, due to TOCTTOU
(time-of-check to time-of-use) vulnerabilities? When faccessat()
returns 0, you learn that at some point in the past, the process had
permission to access a given file, though the process may or may not
have permission at the moment. Why is that a useful thing to know?

I'm sure you're familiar with all the standard arguments why using
access() tends to represent a security vulnerability. Is there a reason
why similar arguments do not apply to faccessat()?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chase Douglas: "Re: [PATCH 3/3] Stop tracing on a schedule bug"
Previous message: Dinh . Nguyen: "[PATCHv5 2.6.34-rc4 3/5] mx5: Enable board specific functions for enabling USB host on Babbage"
In reply to: H. Peter Anvin: "Re: [PATCH] fcntl.h: define AT_EACCESS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]