From nobody@www.freebsd.org  Wed Jun 19 09:50:11 2002
Return-Path: <nobody@www.freebsd.org>
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id 229DF37B40A
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 19 Jun 2002 09:50:06 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g5JGo2hG005670
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 19 Jun 2002 09:50:02 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g5JGo274005669;
	Wed, 19 Jun 2002 09:50:02 -0700 (PDT)
Message-Id: <200206191650.g5JGo274005669@www.freebsd.org>
Date: Wed, 19 Jun 2002 09:50:02 -0700 (PDT)
From: Soren Spies <sspies@apple.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: access(2) man page has unnecessarily broad warning
X-Send-Pr-Version: www-1.0

>Number:         39530
>Category:       docs
>Synopsis:       access(2) man page has unnecessarily broad warning
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    remko
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 19 10:00:01 PDT 2002
>Closed-Date:    Sun Feb 10 12:28:44 UTC 2008
>Last-Modified:  Thu Feb 14 21:50:01 UTC 2008
>Originator:     Soren Spies
>Release:        FreeBSD-4.5
>Organization:
Apple Computer, Inc
>Environment:
bash-2.05$ uname -a
FreeBSD freebsd.apple.com 4.5-STABLE FreeBSD 4.5-STABLE #1: Mon Apr 22 17:41:12 PDT 2002     jkh@freebsd.apple.com:/usr/obj/usr/local/src/sys/FREEBSD  i386
>Description:
The access(2) man page has a warning about how "access(2) is a security hole and should never be used."  It shouldn't be used to achieve its design goal: allowing a privileged process to know whether its caller has rights on a particular file, but that doesn't mean it should _never_ be used.

In a non-privileged situation where you are just curious if something exists (and for some reason don't want to let the failure of a normal system call let you know it has gone missing, or doesn't have write permission any more, etc), access(2) is a perfectly reasonable mechanism ... especially if you don't want to decipher the bits in stat(2) to try and guess whether or not future syscalls to read/write will fail.

Given the existence of access(1), it seems FreeBSD itself is using access(2) for something ... programmers might like to do the same and shouldn't be frightened away by the CAVEAT section.  There is also some discussion online (eg. http://www.geocrawler.com/archives/3/91/1994/10/50/177659/) about how access(2) is really only a problem for SUID applications.
>How-To-Repeat:
man 2 access
see CAVEAT section
be frightened away from an otherwise useful syscall that would help program writers display access hints about a directory on filesystems where it's hard to decipher the bits yourself.  This is particularly useful for GUIs (and came up when trying to convince the Mac OS X Finder use access(2) to be usable with AFS volumes).
>Fix:
The warning could perhaps read "programs should never make access decisions based upon access(2) nor should setUID programs rely on access() in any way."
>Release-Note:
>Audit-Trail:

From: Soren Spies <sspies@apple.com>
To: freebsd-gnats-submit@FreeBSD.org, Soren Spies <sspies@apple.com>
Cc:  
Subject: Re: docs/39530: access(2) man page has unnecessarily broad warning
Date: Wed, 9 Jul 2003 19:16:58 -0700

 I've noticed in FreeBSD 5.1 that we have eaccess(2) as well as a much 
 better warning in the man page (explaining the tradeoffs, but still 
 saying "never").
 
 I propose the following patch:
 diff -u access.2.orig access.2
 --- access.2.orig       Wed Jul  9 17:16:34 2003
 +++ access.2    Wed Jul  9 17:23:46 2003
 @@ -144,6 +144,15 @@
   .Fn eaccess
   system call
   likewise may be subject to races if used inappropriately.
 +.Pp
 +.Fn access
 +remains useful for providing clues to users as to whether operations
 +make sense for particular filesystem objects (e.g. 'delete' menu
 +item only highlighted in a writable folder ... avoiding interpretation
 +of the st_mode bits that the application might not understand --
 +e.g. in the case of AFS).  It also allows a cheaper file existance
 +test than
 +.Ns Xr stat 2 .
   .Sh SEE ALSO
   .Xr chmod 2 ,
   .Xr intro 2 ,
 
 
 
 --
 Soren Spies
 Apple Computer, Inc.
 
State-Changed-From-To: open->patched 
State-Changed-By: remko 
State-Changed-When: Sat Dec 8 22:50:46 UTC 2007 
State-Changed-Why:  
Patched in -CURRENT 
Take ownership of the PR 


Responsible-Changed-From-To: freebsd-doc->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Sat Dec 8 22:50:46 UTC 2007 
Responsible-Changed-Why:  
Patched in -CURRENT 
Take ownership of the PR 

http://www.freebsd.org/cgi/query-pr.cgi?pr=39530 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/39530: commit references a PR
Date: Sat,  8 Dec 2007 22:50:41 +0000 (UTC)

 remko       2007-12-08 22:50:35 UTC
 
   FreeBSD src repository
 
   Modified files:
     lib/libc/sys         access.2 
   Log:
   Make the warning a bit less 'broad' then it used to be.  The access
   is seems to be a problem for SUID applications, which we like to
   prevent as much as possible.
   
   PR:             docs/39530
   Submitted by:   Soren Spies <sspies at apple dot com>
   MFC After:      3 days
   
   Revision  Changes    Path
   1.20      +10 -1     src/lib/libc/sys/access.2
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: remko 
State-Changed-When: Sun Feb 10 12:28:44 UTC 2008 
State-Changed-Why:  
MFC'ed to relevant branches, thanks for the submission! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=39530 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/39530: commit references a PR
Date: Sun, 10 Feb 2008 12:27:38 +0000 (UTC)

 remko       2008-02-10 12:27:33 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7)
     lib/libc/sys         access.2 
   Log:
   MFC rev 1.20 access.2
   
     Make the warning a bit less 'broad' then it used to be. The access
     is seems to be a problem for SUID applications, which we like to
     prevent as much as possible.
   
     PR: docs/39530
     Submitted by: Soren Spies <sspies at apple dot com>
     MFC After: 3 days
   
   Revision  Changes    Path
   1.19.2.1  +10 -1     src/lib/libc/sys/access.2
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/39530: commit references a PR
Date: Sun, 10 Feb 2008 12:28:37 +0000 (UTC)

 remko       2008-02-10 12:28:30 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_6)
     lib/libc/sys         access.2 
   Log:
   MFC rev 1.20 access.2
   
     Make the warning a bit less 'broad' then it used to be. The access
     is seems to be a problem for SUID applications, which we like to
     prevent as much as possible.
   
     PR: docs/39530
     Submitted by: Soren Spies <sspies at apple dot com>
     MFC After: 3 days
   
   Revision   Changes    Path
   1.18.12.1  +10 -1     src/lib/libc/sys/access.2
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/39530: commit references a PR
Date: Thu, 14 Feb 2008 21:45:46 +0000 (UTC)

 remko       2008-02-14 21:45:41 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7_0)
     lib/libc/sys         access.2 
   Log:
   MFC rev 1.20 to 1.23 access.2
   
     v1.23
     After issueing a ntpdate [1] I noticed it's already 2008, reflect that
     in the last modified date.
   
     Noticed by:   brueffer [1]
   
     v1.22
     Fix typo (s/existance/existence/)
   
     Noticed by:   ceri
   
     v1.21
     Fix some style nits.
   
     Prodded by:   brueffer
     MFC After:    3 days
   
     v1.20
     Make the warning a bit less 'broad' then it used to be.  The access
     is seems to be a problem for SUID applications, which we like to
     prevent as much as possible.
   
     PR:           docs/39530
     Submitted by: Soren Spies <sspies at apple dot com>
     MFC After:    3 days
   
   Approved by:    re (bmah)
   
   Revision  Changes    Path
   1.19.4.1  +10 -1     src/lib/libc/sys/access.2
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
