From 4713564349a9e8874078955bb03e74bc8dc74399 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sun, 24 Oct 2010 09:19:24 +0200 Subject: [PATCH] access.2: Give an example of a safer alternative to using access() Signed-off-by: Michael Kerrisk --- man2/access.2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/man2/access.2 b/man2/access.2 index 6f32c9c24..0d3bb11e7 100644 --- a/man2/access.2 +++ b/man2/access.2 @@ -40,7 +40,7 @@ .\" Modified 2004-06-23 by Michael Kerrisk .\" 2007-06-10, mtk, various parts rewritten, and added BUGS section. .\" -.TH ACCESS 2 2007-07-10 "Linux" "Linux Programmer's Manual" +.TH ACCESS 2 2010-10-24 "Linux" "Linux Programmer's Manual" .SH NAME access \- check real user's permissions for a file .SH SYNOPSIS @@ -158,6 +158,10 @@ open a file before actually doing so using creates a security hole, because the user might exploit the short time interval between checking and opening the file to manipulate it. .BR "For this reason, the use of this system call should be avoided" . +(In the example just described, +a safer alternative would be to temporarily switch the process's +effective user ID to the real ID and then call +.BR open (2).) .PP .BR access () returns an error if any of the access types in