[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security vulnerability in automake

From: Lars Hecking
Subject: Re: Security vulnerability in automake
Date: Sun, 2 Jun 2002 18:02:51 +0100
User-agent: Mutt/1.5.1i

Lawrence Teo writes:
> I was learning Automake last night, and I think I found a security
> vulnerability. I'm not sure if this is already known, but I couldn't
> find it on Bugtraq. The security vulnerability is the insecure
> creation of temporary files in the config.guess script which leads
> to a race condition.
 The config.* files are maintained separately from automake AFAIK.

> In the config.guess script, there's a line that says:
[standard temp file symlink attack] 

> My recommendations are:
> 1. Check if the dummy file exists. If it does, append a number to
>   it. If that still exists, keep changing that number until we
>   come up with a filename that does not already exist (this is
>   similar to mutt's temporary files /tmp/mutt-HOSTNAME-PID-SOMENUM);
>   or
> 2. Use a random hash value instead of the process ID ($$), which
>   would be the preferred alternative. However, I don't know how
>   feasible it is to do this in a simple, portable way that's
>   consistent with Automake.

 I believe a better way would be to create the temp files in a newly
 created chmod 700'd directory under /tmp. Maybe combined with 2.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]