C programming: don't use access(2)

While reviewing C code from a customer today, I ran across the incorrect use of the access(2) function call. This is very commonly - but wrongly - used as a kind of "does the file exist?" function, but that's positively not what it was designed for. It's meant to be used by setuid/setgid programs to see if the underlying user/group has permissions on the given file, avoiding ugly bit-fiddling.

I have run across this mistake time and time again, and even in non-setuid programs it can become a factor: if the program using access() incorrectly is ever part of a setuid system (say, used in a shell script called from a setuid program), stuff will just break.

In early 1988 I'd had enough of this on a project so I posted my "access flame" to a handful of Usenet groups (comp.lang.c, comp.unix.questions, and comp.unix.wizards), and most of my technical points have merit 15 years later.

Blast from the past: access-flame.txt from 1 March 1988

Posted by Steve at May 19, 2003 10:27 PM | TrackBack