Takayuki Sato

Reputation: 1043

access(2) system call security issue

access(2) man page says,

CAVEAT Access() is a potential security hole and should never be used.

But what is the security hole, and why should I not use it?

Upvotes: 2

Views: 3584

Answers (3)

whooot

Reputation: 415

From my system's man pages:

Warning: Using access() to check if a user is authorized to, for example, open a file before actually doing so using open(2) creates a security hole, because the user might exploit the short time interval between checking and opening the file to manipulate it. For this reason, the use of this system call should be avoided. (In the example just described, a safer alternative would be to temporarily switch the process's effective user ID to the real ID and then call open(2).)

So, the problem is that it creates a race condition that can be exploited by the user to gain access to other files.

Imagine the following example scenario. I create a file /tmp/file that I am allowed to write. Then, your uid-0 program calls access() to check if I am allowed to open this file for writing, before providing me write access to it.

In the short space between the calls to access() and open(), I can remove /tmp/file and replace it by a symlink to /etc/crontab. I can now get the system to run any program I like, since the application will happily give me write access to /etc/crontab.

Upvotes: 5
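The safer alternative the man page names, shown beside the check-then-open pattern, as an added example that is not part of the original answer. The function names open_checked_racy and open_as_real_user are hypothetical, and the code assumes a set-user-ID program opening an existing file on behalf of the invoking user.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>

/* Check-then-open pattern from the answer above. access() decides with the
 * real UID, open() acts with the effective UID, and the path can be swapped
 * (for example for a symlink) in the window between the two calls. */
int open_checked_racy(const char *path, int flags)
{
    if (access(path, W_OK) != 0)
        return -1;
    return open(path, flags);
}

/* Man page alternative: switch the effective IDs to the real IDs and let
 * open() itself make the permission decision, so there is no separate check
 * left to race against. Returns an fd, or -1 with errno set. */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Drop the group first, while the process is still privileged. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        saved_errno = errno;
        (void)setegid(saved_egid);
        errno = saved_errno;
        return -1;
    }

    fd = open(path, flags);   /* kernel checks against the real user's IDs */
    saved_errno = errno;

    /* Regain privileges in reverse order: user first, then group. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}
```

With the second form, a path that has been re-pointed at a file the invoking user cannot write fails in open(2) with EACCES instead of being opened with the program's privileges.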

Cong Wang

Reputation: 2059

Check out: http://www.kernel.org/doc/man-pages/online/pages/man2/access.2.html

Warning: Using access() to check if a user is authorized to, for example, open a file before actually doing so using open(2) creates a security hole, because the user might exploit the short time interval between checking and opening the file to manipulate it. For this reason, the use of this system call should be avoided. (In the example just described, a safer alternative would be to temporarily switch the process's effective user ID to the real ID and then call open(2).)

See also:

http://www.csl.sri.com/~ddean/papers/usenix04.pdf

What is wrong with access()?

Upvotes: 0

Shiplu Mokaddim

Reputation: 57670

The Linux man pages clearly describe it:

Warning: Using access() to check if a user is authorized to, for example, open a file before actually doing so using open(2) creates a security hole, because the user might exploit the short time interval between checking and opening the file to manipulate it. For this reason, the use of this system call should be avoided.

Also note: for security reasons, security exploits are not easily reachable to the public.

Upvotes: 4
