Re: work3 - searchpath

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: work3 - searchpath
From: Eero Pajarre <epajarre@...>
Date: Wed, 22 Dec 2004 15:39:08 +0200

Adrián Pérez wrote:

access() has security faults in lots of platforms, in fact even manpages

say things like «access() is a potential security hole and should neverbe used»

(from the MacOS X manpages). If you want to do something similar use stat()
or just stick with fopen(). stat() is available in Win32, too.



Most of the security problems related to access
are caused by a program doing some checking with access
and then latter doing something else for the file. The
problem is that somebody could have swapped the file
between these operations (or changed a symlink or
something)

If fopen is used as it is used in searchpath same
problems exist. (No, I have not considered if this could
lead to security problems)

Staying with ANSI C api is of course good, and a reason to use
fopen.


		Eero

References:
- work3 - searchpath, David Burgess
- Re: work3 - searchpath, Adrián Pérez

Prev by Date: Re: work3 - searchpath
Next by Date: Re: work3 -loadlib bug
Previous by thread: Re: work3 - searchpath
Next by thread: tonumber metamethod?
Index(es):
- Date
- Thread