Re: FYI: branch-1-5: fix local denial of service in relink

[James Kosin]

Thanks,

It ran through the tests and worked.  Sorry, for the late response, I 
don't have access on weekends to rebuild the package.  This weekend I 
graduated from colledge and Sunday is usually busy for me anyway.

James Kosin


Ralf Wildenhues wrote:
> Applied to branch-1-5 (already fixed in HEAD).
>
> Cheers,
> Ralf
>
>         * ltmain.in (func_mktempdir): New, backported from HEAD.
>         (link mode): Use it.  Fixes potential denial of service through
>         malicious other local user.
>         Reported by James Kosin <address@hidden>.
>  
> Index: ltmain.in
> ===================================================================
> RCS file: /cvsroot/libtool/libtool/Attic/ltmain.in,v
> retrieving revision 1.334.2.113
> diff -u -r1.334.2.113 ltmain.in
> --- ltmain.in   18 Dec 2005 18:11:06 -0000      1.334.2.113
> +++ ltmain.in   18 Dec 2005 18:37:12 -0000
> @@ -141,6 +141,43 @@
>  # Shell function definitions:
>  # This seems to be the best place for them
>  
> +# func_mktempdir [string]
> +# Make a temporary directory that won't clash with other running
> +# libtool processes, and avoids race conditions if possible.  If
> +# given, STRING is the basename for that directory.
> +func_mktempdir ()
> +{
> +    my_template="${TMPDIR-/tmp}/${1-$progname}"
> +
> +    if test "$run" = ":"; then
> +      # Return a directory name, but don't create it in dry-run mode
> +      my_tmpdir="${my_template}-$$"
> +    else
> +
> +      # If mktemp works, use that first and foremost
> +      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
> +
> +      if test ! -d "$my_tmpdir"; then
> +       # Failing that, at least try and use $RANDOM to avoid a race
> +       my_tmpdir="${my_template}-${RANDOM-0}$$"
> +
> +       save_mktempdir_umask=`umask`
> +       umask 0077
> +       $mkdir "$my_tmpdir"
> +       umask $save_mktempdir_umask
> +      fi
> +
> +      # If we're not in dry-run mode, bomb out on failure
> +      test -d "$my_tmpdir" || {
> +        $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
> +       exit $EXIT_FAILURE
> +      }
> +    fi
> +
> +    $echo "X$my_tmpdir" | $Xsed
> +}
> +
> +
>  # func_win32_libid arg
>  # return the library type of file 'arg'
>  #
> @@ -6095,18 +6132,7 @@
>           outputname=
>           if test "$fast_install" = no && test -n "$relink_command"; then
>             if test "$finalize" = yes && test -z "$run"; then
> -             tmpdir="/tmp"
> -             test -n "$TMPDIR" && tmpdir="$TMPDIR"
> -             tmpdir="$tmpdir/libtool-$$"
> -             save_umask=`umask`
> -             umask 0077
> -             if $mkdir "$tmpdir"; then
> -               umask $save_umask
> -             else
> -               umask $save_umask
> -               $echo "$modename: error: cannot create temporary directory \`$tmpdir'" 
> 1>&2
> -               continue
> -             fi
> +             tmpdir=`func_mktempdir`
>               file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
>               outputname="$tmpdir/$file"
>               # Replace the output file specification.