[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security vulnerability in automake

From: Allan Clark
Subject: Re: Security vulnerability in automake
Date: Sun, 09 Jun 2002 01:20:01 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1

This is really not an issue; standard users cannot overwrite /etc/passwd

You don't compile/install unknown software as root, do you? If so, then my configure file says this:
date > /etc/passwd

Sure, this could be replaced with a hashed random name, but the same vulnerability remains. Don't build as root?


Lawrence Teo wrote:

I was learning Automake last night, and I think I found a security
vulnerability. I'm not sure if this is already known, but I couldn't
find it on Bugtraq. The security vulnerability is the insecure
creation of temporary files in the config.guess script which leads
to a race condition.

In the config.guess script, there's a line that says:


And further down...

echo "int dummy(){}" > $dummy.c ;

An attacker can create a number of symbolic links called
dummy-PID.c pointing to important files like /etc/passwd. PID in
this case would be the attacker's guesses on what the PID of the
config.guess script will run as. If root runs ./configure in a
source tree containing these malicious symlinks, and if the
configure script in turn runs config.guess, the /etc/passwd file
may potentially be overwritten with "int dummy(){}", resulting in
a denial of service attack.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]