From 4713564349a9e8874078955bb03e74bc8dc74399 Mon Sep 17 00:00:00 2001
From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Sun, 24 Oct 2010 09:19:24 +0200
Subject: [PATCH] access.2: Give an example of a safer alternative to using
 access()

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man2/access.2 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/man2/access.2 b/man2/access.2
index 6f32c9c24..0d3bb11e7 100644
--- a/man2/access.2
+++ b/man2/access.2
@@ -40,7 +40,7 @@
 .\" Modified 2004-06-23 by Michael Kerrisk
 .\" 2007-06-10, mtk, various parts rewritten, and added BUGS section.
 .\"
-.TH ACCESS 2 2007-07-10 "Linux" "Linux Programmer's Manual"
+.TH ACCESS 2 2010-10-24 "Linux" "Linux Programmer's Manual"
 .SH NAME
 access \- check real user's permissions for a file
 .SH SYNOPSIS
@@ -158,6 +158,10 @@ open a file before actually doing so using
 creates a security hole, because the user might exploit the short time
 interval between checking and opening the file to manipulate it.
 .BR "For this reason, the use of this system call should be avoided" .
+(In the example just described,
+a safer alternative would be to temporarily switch the process's
+effective user ID to the real ID and then call
+.BR open (2).)
 .PP
 .BR access ()
 returns an error if any of the access types in