| Subject: | Re: [PATCH] Fix system() behaviour when parameter is NULL |
|---|---|
| From: | David Laight |
| Date: | Thu, 28 Aug 2008 20:46:38 +0100 |
On Thu, Aug 28, 2008 at 02:26:28PM -0400, Steven M. Bellovin wrote:
> Better wording of the warning might be something like
>
> Although access() checks the real uid's permissions, it should
> never be used for access permission checks by setuid() programs.
Or maybe like:
The file's permissions may change between the call to access(2)
and any subsequent action performed based on the result.
It should never be used for security checks by setuid() programs.
David
--
David Laight: david@xxxxxxxxx
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] Fix system() behaviour when parameter is NULL, der Mouse |
|---|---|
| Next by Date: | Re: patch update, Adam Hoka |
| Previous by Thread: | Re: [PATCH] Fix system() behaviour when parameter is NULL, David Holland |
| Next by Thread: | Re: [PATCH] Fix system() behaviour when parameter is NULL, David Holland |
| Indexes: | [Date] [Thread] [Top] [All Lists] |