|
From: | Robert Funnell |
Subject: | Re: [Nano-devel] Checking permissions before opening file |
Date: | Mon, 25 Jan 2016 16:22:45 -0500 (EST) |
User-agent: | Alpine 2.00 (DEB 1167 2008-08-23) |
On Mon, 25 Jan 2016, Rishabh Dave wrote:
Replaced stat() by access() - which is in unistd.h - to check accessibility of path. However, this replacement doesn't affect the case 'src/nano /root/.nano/yuhu'. (mentioned about it because it was the case under consideration last time - bug #44950 thread).
The man page for access() says it creates a security hole and its use should be avoided. I see a lot of discussions of the issue on the Web and a lot of people seem to agree that it's a bad idea.
- Robert
[Prev in Thread] | Current Thread | [Next in Thread] |