lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Adrián Pérez wrote:

access() has security faults in lots of platforms, in fact even manpages
say things like «access() is a potential security hole and should never be used»
(from the MacOS X manpages). If you want to do something similar use stat()
or just stick with fopen(). stat() is available in Win32, too.


Most of the security problems related to access
are caused by a program doing some checking with access
and then latter doing something else for the file. The
problem is that somebody could have swapped the file
between these operations (or changed a symlink or
something)

If fopen is used as it is used in searchpath same
problems exist. (No, I have not considered if this could
lead to security problems)

Staying with ANSI C api is of course good, and a reason to use
fopen.


		Eero