Re: [FYI] Re: Vulnerability in libtool 1.5

From: Gary V . Vaughan
Subject: Re: [FYI] Re: Vulnerability in libtool 1.5
Date: Sun, 4 Jan 2004 20:06:38 +0000

I have no problem with starting to use shell functions in libtool now,
and in fact I think that it is the best way to bring some sanity to the code spaghetti we are trying to maintain. For now, I don't think it is safe to rely on any more advanced shell function features than enumerated parameter passing.

Here's a function (plus a bit of supporting gubbins) excerpted from libtoolize:

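: ${MKDIR="mkdir"}

# sed expression that strips the last component from a path
sed_dirname='s,/[^/]*$,,'

# func_mkdir_p dir
# Make sure the entire path to DIR is available.
func_mkdir_p ()
{
    my_dir=$1
    my_dirs=

    # Collect every missing component, outermost directory first.
    while test ! -d "$my_dir"; do
      my_dirs="$my_dir $my_dirs"
      case $my_dir in */*) ;; *) break ;; esac
      my_dir=`echo "$my_dir" | sed "$sed_dirname"`
    done
    test ! -n "$my_dirs" || $MKDIR $my_dirs
}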


On Saturday, January 3, 2004, at 02:44  pm, Scott James Remnant wrote:
+2004-01-03  Stefan Nordhausen  <address@hidden>
+       Scott James Remnant  <address@hidden>
+       * m4/ Don't use the mkdir -p option when creating a
+       temporary output directory so a symlink attack can't be used to
+       arbitrarily chmod other directories on the system if libtool
+       gets run as root.
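
Review bot: The file reference in this entry is only "m4/", with no file name and no macro or function named, so the log does not say where mkdir -p was dropped; give the full path and the affected code in parentheses. The entry should also say what replaces mkdir -p and how the code reacts when the directory already exists, since that is what the symlink protection rests on.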


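The concern in the quoted ChangeLog entry, as an added example (not libtool's code and not part of this mail): a directory-creation function in the same style, using only positional parameters, that refuses a pre-existing path where `mkdir -p` accepts it. The names `func_safe_tmpdir`, `func_demo` and `lt-out` are hypothetical, and the scenario is constructed in a scratch directory.

```shell
# func_safe_tmpdir parent name   (hypothetical helper, added example)
# Create PARENT/NAME as a fresh private directory and print its path.
# Fails if the path already exists in any form, symlinks included.
func_safe_tmpdir ()
{
    my_parent=$1
    my_name=$2
    my_tmpdir="$my_parent/$my_name"

    # Never create parents: PARENT must already be a directory.
    test -d "$my_parent" || return 1

    # Plain mkdir fails with EEXIST on an existing final component,
    # including a symlink. umask in a subshell gives mode 0700 at
    # creation time, so no later chmod on the path is needed.
    (umask 077 && mkdir "$my_tmpdir") 2>/dev/null || return 1

    echo "$my_tmpdir"
}

# func_demo
# Constructed scenario: the predictable name "lt-out" already exists
# as a symlink to another directory before the tool runs.
func_demo ()
{
    my_base=`mktemp -d` || return 1
    mkdir "$my_base/victim" "$my_base/tmp" || return 1
    ln -s "$my_base/victim" "$my_base/tmp/lt-out" || return 1

    # mkdir -p reports success: the symlink resolves to a directory.
    if mkdir -p "$my_base/tmp/lt-out" 2>/dev/null
    then my_old=accepted; else my_old=refused; fi

    # The plain-mkdir helper refuses the same pre-existing path ...
    if func_safe_tmpdir "$my_base/tmp" lt-out >/dev/null
    then my_new=accepted; else my_new=refused; fi

    # ... and still creates a name that does not exist yet.
    if func_safe_tmpdir "$my_base/tmp" lt-fresh >/dev/null
    then my_fresh=created; else my_fresh=failed; fi

    rm -rf "$my_base"
    echo "mkdir-p:$my_old plain-mkdir:$my_new fresh:$my_fresh"
}

func_demo
```

A caller should treat a non-zero return from the helper as fatal and not fall back to reusing the existing path.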