[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Symlink Vulnerability in GNU libtool <1.5.2

From: Scott James Remnant
Subject: Re: Symlink Vulnerability in GNU libtool <1.5.2
Date: Tue, 03 Feb 2004 20:33:58 +0000

On Tue, 2004-02-03 at 09:47, Joseph S. Myers wrote:

> On Fri, 30 Jan 2004, Stefan Nordhausen wrote:
> > Solution:
> > Updating to libtool 1.5.2 (the current stable release) will eliminate
> > the vulnerability. If you want to stick with your old version of libtool
> > you can easily fix this bug yourself. In "" (or file "libtool", 
> > whichever applies for you) you should replace the line:
> > 
> The chmod has a race (that access to the temporary directory could be
> gained after it is created but before it is chmoded)
Would this patch be sufficient?  Gary et al. okay to apply if it is?

2003-02-03  Scott James Remnant  <address@hidden>

        * Create temporary directory under a strict umask
        rather than running chmod afterwards, preventing a race
        condition where the directory could be replaced with a symbolic
        link in the time between the two commands.

diff -u -r1.334.2.20
---   3 Feb 2004 19:55:29 -0000       1.334.2.20
+++   3 Feb 2004 20:29:07 -0000
@@ -5673,11 +5673,15 @@
              test -n "$TMPDIR" && tmpdir="$TMPDIR"
-             if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then :
+             save_umask=`umask`
+             umask 0077
+             if $mkdir "$tmpdir"; then
+               umask $save_umask
+               umask $save_umask
                $echo "$modename: error: cannot create temporary directory 
\`$tmpdir'" 1>&2
              file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
              # Replace the output file specification.

Have you ever, ever felt like this?
Had strange things happen?  Are you going round the twist?

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]