virtual access()

utzoo!decvax!ucbvax!unix-wizards
Thu Oct 15 23:53:48 AEST 1981


From CSL.JLH.MOGUL at SU-SCORE Thu Oct 15 21:38:44 1981
[Dave Crocker suggests that allowing a non-super-user to
use a "what if I'm uid so-and-so" access() call would be a 
security risk.]
I thought this at first, but a proper implementation would
probably return an error if the real (or maybe effective)
uid did not have sufficient access to stat() all the files
along the path.

Obviously, this much could be done by a hairy library routine
anyway.  However, I don't think it makes sense to duplicate
the entire access-rights validation code outside the kernel,
since (1) this is slow, and [much worse] (2) if the kernel's
idea of allowable access changes (e.g., we adopt a bit-encoded
group id), then one MUST make the same changes to the library
routine to maintain proper security.  This is a potentially
error-prone task!
-Jeff
[By the way, my original specification of "accessU(name,mode,uid)"
 should really be "accessU(name,mode,uid,gid)" for obvious reasons.]
-------


