automake-patches

FYI: secure temporary directory creation in distcheck (PR/413)


From: Alexandre Duret-Lutz
Subject: FYI: secure temporary directory creation in distcheck (PR/413)
Date: Sun, 29 Feb 2004 17:25:39 +0100
User-agent: Gnus/5.1003 (Gnus v5.10.3) Emacs/21.3.50 (gnu/linux)

I'm installing this on HEAD and branch-1-8.

2004-02-29  Alexandre Duret-Lutz  <address@hidden>

        Fix for PR/413:
        * lib/am/distdir.am (distcheck): Create $dc_destdir with `umask
        077 && mkdir' instead of `$(mkdir_p)'.  This prevents possible
        symlink attacks reported by Stefan Nordhausen.

Index: NEWS
===================================================================
RCS file: /cvs/automake/automake/NEWS,v
retrieving revision 1.256.2.28
diff -u -r1.256.2.28 NEWS
--- NEWS        15 Feb 2004 21:14:51 -0000      1.256.2.28
+++ NEWS        29 Feb 2004 16:22:48 -0000
@@ -31,6 +31,8 @@
     Automake 1.8.  It will be set to `mkdir -p' only if mkdir is GNU
     mkdir, and to `mkinstalldirs' or `install-sh -d' otherwise.
 
+  - Secure temporary directory creation in `make distcheck'. (PR/413)
+
 * Bugs introduced by 1.8:
 
   - In some situations (hand-written `m4_include's), aclocal would
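
Review bot: the NEWS line added in this hunk says the directory creation is now secure, but not the behaviour change a user will actually notice. The ChangeLog entry above says the directory is now created with umask 077 and plain mkdir to prevent symlink attacks, so it would help to say in NEWS that `make distcheck' now fails if that temporary directory already exists, rather than reusing it.
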
Index: THANKS
===================================================================
RCS file: /cvs/automake/automake/THANKS,v
retrieving revision 1.230.2.12
diff -u -r1.230.2.12 THANKS
--- THANKS      16 Feb 2004 21:21:23 -0000      1.230.2.12
+++ THANKS      29 Feb 2004 16:22:48 -0000
@@ -225,6 +225,7 @@
 Shigio Yamaguchi       address@hidden
 Simon Josefsson                address@hidden
 Simon Richter          address@hidden
+Stefan Nordhausen      address@hidden
 Stepan Kasal           address@hidden
 Steve M. Robbins       address@hidden
 Sven Verdoolaege       address@hidden
Index: lib/am/distdir.am
===================================================================
RCS file: /cvs/automake/automake/lib/am/distdir.am,v
retrieving revision 1.52.2.2
diff -u -r1.52.2.2 distdir.am
--- lib/am/distdir.am   28 Jan 2004 20:50:59 -0000      1.52.2.2
+++ lib/am/distdir.am   29 Feb 2004 16:22:51 -0000
@@ -357,8 +357,9 @@
 ## $(distdir) is).
          && ({ \
 ## Build the directory, so we can cd into it even if `make install'
-## didn't create it.
-              (cd ../.. && $(mkdir_p) "$$dc_destdir") \
+## didn't create it.  Use mkdir, not $(mkdir_p) because we want to
+## fail if the directory already exists (PR/413).
+              (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
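
Review bot: the replacement command (cd ../.. && umask 077 && mkdir "$$dc_destdir") now fails on any existing directory, and the visible lines give the user no diagnostic beyond mkdir's own error. That covers a path planted by another user, which is the intent, but also a leftover from an earlier interrupted distcheck run. Consider printing a short message that names the directory and tells the user to inspect and remove it before rerunning. Two things to confirm against the part of the rule not shown in this hunk: plain mkdir, unlike $(mkdir_p), requires the parent of $$dc_destdir to exist already, and the 0700 mode it gets under umask 077 should not get in the way of the install and uninstall steps that follow. Keeping umask inside the parenthesised subshell is right, since it stops the restrictive mask leaking into the $(MAKE) install that follows. The new ## comment could also say why failing on an existing directory matters (a pre-created directory or symlink), not only cite PR/413.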

-- 
Alexandre Duret-Lutz




