tech-userlevel archive
Re: [PATCH] Fix system() behaviour when parameter is NULL
On Thu, Aug 28, 2008 at 08:46:38PM +0100, David Laight wrote:
> On Thu, Aug 28, 2008 at 02:26:28PM -0400, Steven M. Bellovin wrote:
> > Better wording of the warning might be something like
> >
> > Although access() checks the real uid's permissions, it should
> > never be used for access permission checks by setuid() programs.
>
> Or maybe like:
>
> The file's permissions may change between the call to access(2)
^ or identity
> and any subsequent action performed based on the result.
> It should never be used for security checks by setuid() programs.
and s/by setuid() programs//,
but with those provisos seems reasonable.
--
David A. Holland
dholland%netbsd.org@localhost
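
The window this thread's proposed wording describes, as an added example that is not part of the original message or of NetBSD's sources: a path checked with access(2) can name a different object, with different permissions, by the time it is opened, while a check made on an already-open descriptor stays bound to one object. The function name, file names and the in-process rename() standing in for a concurrent actor are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed scratch files (names are made up): "target" mode 0644 and
 * "other" mode 0600, both in a fresh mkdtemp() directory. */
static int make_file(const char *path, mode_t mode) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return chmod(path, mode);
}

/* Compares the object that was checked with the object that was used.
 * Bit 0: identity (device/inode) differs. Bit 1: mode differs. -1: error.
 * open_first = 0: access()/stat() the path, then open() the path.
 * open_first = 1: open() once, then check and use that descriptor. */
int checked_vs_used(int open_first) {
    char dir[] = "/tmp/access-demo-XXXXXX", target[64], other[64];
    struct stat checked, used;
    int fd = -1, rc = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (make_file(target, 0644) || make_file(other, 0600)) goto out;
    if (open_first) {
        fd = open(target, O_RDONLY);
        if (fd < 0 || fstat(fd, &checked) != 0) goto out;
    } else if (access(target, R_OK) != 0 || stat(target, &checked) != 0) {
        goto out;
    }
    /* Stand-in for another process acting between check and use. */
    if (rename(other, target) != 0) goto out;
    if (!open_first) fd = open(target, O_RDONLY);
    if (fd < 0 || fstat(fd, &used) != 0) goto out;
    rc = (checked.st_ino != used.st_ino || checked.st_dev != used.st_dev)
         | ((checked.st_mode != used.st_mode) << 1);
out:
    if (fd >= 0) close(fd);
    unlink(target); unlink(other); rmdir(dir);
    return rc;
}
```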