mirror of https://github.com/mkerrisk/man-pages
access.2: Give an example of a safer alternative to using access()
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
7a35b9818e
commit
4713564349
|
@ -40,7 +40,7 @@
|
||||||
.\" Modified 2004-06-23 by Michael Kerrisk
|
.\" Modified 2004-06-23 by Michael Kerrisk
|
||||||
.\" 2007-06-10, mtk, various parts rewritten, and added BUGS section.
|
.\" 2007-06-10, mtk, various parts rewritten, and added BUGS section.
|
||||||
.\"
|
.\"
|
||||||
.TH ACCESS 2 2007-07-10 "Linux" "Linux Programmer's Manual"
|
.TH ACCESS 2 2010-10-24 "Linux" "Linux Programmer's Manual"
|
||||||
.SH NAME
|
.SH NAME
|
||||||
access \- check real user's permissions for a file
|
access \- check real user's permissions for a file
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
|
@ -158,6 +158,10 @@ open a file before actually doing so using
|
||||||
creates a security hole, because the user might exploit the short time
|
creates a security hole, because the user might exploit the short time
|
||||||
interval between checking and opening the file to manipulate it.
|
interval between checking and opening the file to manipulate it.
|
||||||
.BR "For this reason, the use of this system call should be avoided" .
|
.BR "For this reason, the use of this system call should be avoided" .
|
||||||
|
(In the example just described,
|
||||||
|
a safer alternative would be to temporarily switch the process's
|
||||||
|
effective user ID to the real ID and then call
|
||||||
|
.BR open (2).)
|
||||||
.PP
|
.PP
|
||||||
.BR access ()
|
.BR access ()
|
||||||
returns an error if any of the access types in
|
returns an error if any of the access types in
|
||||||
|
|
Loading…
Reference in New Issue