|
Adrián Pérez wrote:
access() has security faults in lots of platforms, in fact even manpagessay things like «access() is a potential security hole and should never be used»(from the MacOS X manpages). If you want to do something similar use stat() or just stick with fopen(). stat() is available in Win32, too.
Most of the security problems related to access are caused by a program doing some checking with access and then latter doing something else for the file. The problem is that somebody could have swapped the file between these operations (or changed a symlink or something) If fopen is used as it is used in searchpath same problems exist. (No, I have not considered if this could lead to security problems) Staying with ANSI C api is of course good, and a reason to use fopen. Eero