autoconf potential bug...

[Shaun Colley]

Hello,

Although the statement is blatantly obvious,
"configure" scripts created via autoconf create temp
files (and files such as config.cache etc), but it
occured to me today, that they *seem* to create them
in an insecure way.

Maybe this is well-known, but when "configure" scripts
made with autoconf are writing to temp files, they
sometimes don't check if the file is a symlink (or so
it seemed to me), so doesn't this present itself as a
security vulnerability?

As an example, I created a symlink called
'config.cache' in the directory of the package I was
installing, and linked it to /etc/bleh.  After running
'./configure' (I ran ./configure as root), I catted
/etc/bleh, and it contained the following:


---
# This file is a shell script that caches the results
of configure
# tests run on this system so they can be shared
between configure
# scripts and configure runs, see configure's option
--config-cache.
# It is not useful on other systems.  If it contains
results you don't
# want to keep, you may remove or edit it.
#
# config.status only pays attention to the cache file
if you give it
# the --recheck option to rerun configure.
#
# `ac_cv_env_foo' variables (set or unset) will be
overridden when
# loading this file, other *unset* `ac_cv_foo' will be
assigned the
# following values.

ac_cv_build=${ac_cv_build=i686-pc-linux-gnu}
ac_cv_build_alias=${ac_cv_build_alias=i686-pc-linux-gnu}
ac_cv_c_bigendian=${ac_cv_c_bigendian=no}
ac_cv_c_compiler_gnu=${ac_cv_c_compiler_gnu=yes}
ac_cv_c_const=${ac_cv_c_const=yes}
ac_cv_c_inline=${ac_cv_c_inline=inline}
ac_cv_c_long_double=${ac_cv_c_long_double=yes}
ac_cv_env_CC_set=
ac_cv_env_CC_value=
ac_cv_env_CFLAGS_set=
ac_cv_env_CFLAGS_value=
ac_cv_env_CPPFLAGS_set=
ac_cv_env_CPPFLAGS_value=
ac_cv_env_CPP_set=
ac_cv_env_CPP_value=
ac_cv_env_LDFLAGS_set=
ac_cv_env_LDFLAGS_value=
ac_cv_env_build_alias_set=
ac_cv_env_build_alias_value=
ac_cv_env_host_alias_set=
ac_cv_env_host_alias_value=
ac_cv_env_target_alias_set=
ac_cv_env_target_alias_value=
ac_cv_exeext=${ac_cv_exeext=}
ac_cv_fakehost_postfix=${ac_cv_fakehost_postfix=TR}
ac_cv_func__doprnt=${ac_cv_func__doprnt=no}
ac_cv_func_alloca_works=${ac_cv_func_alloca_works=yes}
ac_cv_func_dlopen=${ac_cv_func_dlopen=no}
ac_cv_func_getdelim=${ac_cv_func_getdelim=yes}
ac_cv_func_getrusage=${ac_cv_func_getrusage=yes}
ac_cv_func_inet_addr=${ac_cv_func_inet_addr=yes}
ac_cv_func_inet_aton=${ac_cv_func_inet_aton=yes}
ac_cv_func_inet_netof=${ac_cv_func_inet_netof=yes}
ac_cv_func_inet_ntoa=${ac_cv_func_inet_ntoa=yes}
ac_cv_func_isascii=${ac_cv_func_isascii=yes}
ac_cv_func_memcpy=${ac_cv_func_memcpy=yes}
ac_cv_func_mempcpy=${ac_cv_func_mempcpy=yes}
ac_cv_func_memset=${ac_cv_func_memset=yes}
ac_cv_func_mmap=${ac_cv_func_mmap=yes}
ac_cv_func_nanosleep=${ac_cv_func_nanosleep=yes}
ac_cv_func_poll=${ac_cv_func_poll=yes}
ac_cv_func_shl_load=${ac_cv_func_shl_load=no}
ac_cv_func_snprintf=${ac_cv_func_snprintf=yes}
ac_cv_func_stpcpy=${ac_cv_func_stpcpy=yes}
ac_cv_func_strchr=${ac_cv_func_strchr=yes}
ac_cv_func_strerror=${ac_cv_func_strerror=yes}
ac_cv_func_strpbrk=${ac_cv_func_strpbrk=yes}
ac_cv_func_strtok=${ac_cv_func_strtok=yes}
ac_cv_func_strtoken=${ac_cv_func_strtoken=no}
ac_cv_func_strtol=${ac_cv_func_strtol=yes}
ac_cv_func_strtoul=${ac_cv_func_strtoul=yes}
ac_cv_func_vprintf=${ac_cv_func_vprintf=yes}
ac_cv_func_vsnprintf=${ac_cv_func_vsnprintf=yes}
ac_cv_have_dlopen=${ac_cv_have_dlopen=yes}
ac_cv_have_shl_load=${ac_cv_have_shl_load=no}
ac_cv_header_dirent_dirent_h=${ac_cv_header_dirent_dirent_h=yes}
ac_cv_header_errno_h=${ac_cv_header_errno_h=yes}
ac_cv_header_fcntl_h=${ac_cv_header_fcntl_h=yes}
ac_cv_header_getopt_h=${ac_cv_header_getopt_h=yes}
ac_cv_header_inttypes_h=${ac_cv_header_inttypes_h=yes}
ac_cv_header_limits_h=${ac_cv_header_limits_h=yes}
ac_cv_header_mach_o_dyld_h=${ac_cv_header_mach_o_dyld_h=no}
ac_cv_header_memory_h=${ac_cv_header_memory_h=yes}
ac_cv_header_netinet_in6_h=${ac_cv_header_netinet_in6_h=no}
ac_cv_header_netinet_in_h=${ac_cv_header_netinet_in_h=yes}
ac_cv_header_pthread_h=${ac_cv_header_pthread_h=yes}
ac_cv_header_signal_h=${ac_cv_header_signal_h=yes}
ac_cv_header_stat_broken=${ac_cv_header_stat_broken=no}
ac_cv_header_stdarg_h=${ac_cv_header_stdarg_h=yes}
ac_cv_header_stdc=${ac_cv_header_stdc=yes}
ac_cv_header_stddef_h=${ac_cv_header_stddef_h=yes}
ac_cv_header_stdint_h=${ac_cv_header_stdint_h=yes}
ac_cv_header_stdlib_h=${ac_cv_header_stdlib_h=yes}
ac_cv_header_string_h=${ac_cv_header_string_h=yes}
ac_cv_header_strings_h=${ac_cv_header_strings_h=yes}
ac_cv_header_sys_errno_h=${ac_cv_header_sys_errno_h=yes}
ac_cv_header_sys_neutrino_h=${ac_cv_header_sys_neutrino_h=no}
ac_cv_header_sys_param_h=${ac_cv_header_sys_param_h=yes}
ac_cv_header_sys_select_h=${ac_cv_header_sys_select_h=yes}
ac_cv_header_sys_signal_h=${ac_cv_header_sys_signal_h=yes}
ac_cv_header_sys_stat_h=${ac_cv_header_sys_stat_h=yes}
ac_cv_header_sys_types_h=${ac_cv_header_sys_types_h=yes}
ac_cv_header_unistd_h=${ac_cv_header_unistd_h=yes}
ac_cv_host=${ac_cv_host=i686-pc-linux-gnu}
ac_cv_host_alias=${ac_cv_host_alias=i686-pc-linux-gnu}
ac_cv_lib_cposix_strerror=${ac_cv_lib_cposix_strerror=no}
ac_cv_lib_dl_dlopen=${ac_cv_lib_dl_dlopen=yes}
ac_cv_lib_dl_dlsym=${ac_cv_lib_dl_dlsym=yes}
ac_cv_lib_dld_shl_load=${ac_cv_lib_dld_shl_load=no}
ac_cv_lib_fl_yywrap=${ac_cv_lib_fl_yywrap=no}
ac_cv_lib_l_yywrap=${ac_cv_lib_l_yywrap=no}
ac_cv_lib_nsl_main=${ac_cv_lib_nsl_main=yes}
ac_cv_lib_opm_opm_create=${ac_cv_lib_opm_opm_create=no}
ac_cv_lib_pthread_pthread_create=${ac_cv_lib_pthread_pthread_create=yes}
ac_cv_lib_resolv_main=${ac_cv_lib_resolv_main=yes}
ac_cv_lib_socket_socket=${ac_cv_lib_socket_socket=no}
ac_cv_maxclients=${ac_cv_maxclients=128}
ac_cv_member_struct_stat_st_blksize=${ac_cv_member_struct_stat_st_blksize=yes}
ac_cv_numofdays=${ac_cv_numofdays=365}
ac_cv_objext=${ac_cv_objext=o}
ac_cv_path_AR=${ac_cv_path_AR=/usr/bin/ar}
ac_cv_path_AWK=${ac_cv_path_AWK=/bin/awk}
ac_cv_path_CP=${ac_cv_path_CP=/bin/cp}
ac_cv_path_GREP=${ac_cv_path_GREP=/bin/grep}
ac_cv_path_LD=${ac_cv_path_LD=/usr/bin/ld}
ac_cv_path_LN=${ac_cv_path_LN=/bin/ln}
ac_cv_path_MAKE=${ac_cv_path_MAKE=/usr/bin/gmake}
ac_cv_path_MV=${ac_cv_path_MV=/bin/mv}
ac_cv_path_RM=${ac_cv_path_RM=/bin/rm}
ac_cv_path_SED=${ac_cv_path_SED=/bin/sed}
ac_cv_prog_CPP=${ac_cv_prog_CPP='gcc -E'}
ac_cv_prog_MD5SUMS=${ac_cv_prog_MD5SUMS=md5sum}
ac_cv_prog_ac_ct_CC=${ac_cv_prog_ac_ct_CC=gcc}
ac_cv_prog_ac_ct_RANLIB=${ac_cv_prog_ac_ct_RANLIB=ranlib}
ac_cv_prog_cc_g=${ac_cv_prog_cc_g=yes}
ac_cv_prog_cc_stdc=${ac_cv_prog_cc_stdc=}
ac_cv_prog_egrep=${ac_cv_prog_egrep='grep -E'}
ac_cv_prog_gcc_traditional=${ac_cv_prog_gcc_traditional=no}
ac_cv_prog_make_make_set=${ac_cv_prog_make_make_set=yes}
ac_cv_search_opendir=${ac_cv_search_opendir='none
required'}
ac_cv_search_strerror=${ac_cv_search_strerror='none
required'}
ac_cv_shared_modules=${ac_cv_shared_modules=yes}
ac_cv_target=${ac_cv_target=i686-pc-linux-gnu}
ac_cv_target_alias=${ac_cv_target_alias=i686-pc-linux-gnu}
ac_cv_type_u_int32_t=${ac_cv_type_u_int32_t=yes}
ac_cv_type_uintptr_t=${ac_cv_type_uintptr_t=yes}
ac_cv_working_alloca_h=${ac_cv_working_alloca_h=yes}

[...and so on...]
---


Perhaps this has indeed been long known, but it seems
to me that autoconf configure scripts therefore create
tempfile (and other files) in an insecure manner. 
Surely this can't be right?


(NOTE: I'm sometimes careless, and quite frequently
wrong, so I could well be wrong about this thing.  I
just emailed this just to put my mind at rest)


If this is a false alarm, sorry for the time I am
wasting.  Cheers. :)



Thank you for your time.
Shaun.


        
        
                
___________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html