[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Symlink Vulnerability in GNU libtool <1.5.2

From: Scott James Remnant
Subject: Re: Symlink Vulnerability in GNU libtool <1.5.2
Date: Tue, 03 Feb 2004 22:02:20 +0000

On Tue, 2004-02-03 at 21:49, Gary V.Vaughan wrote:

> On Tuesday, February 3, 2004, at 08:33  pm, Scott James Remnant wrote:
> > On Tue, 2004-02-03 at 09:47, Joseph S. Myers wrote:
> >> The chmod has a race (that access to the temporary directory could be
> >> gained after it is created but before it is chmoded)
> >>
> > Would this patch be sufficient?  Gary et al. okay to apply if it is?
> >
> > 2003-02-03  Scott James Remnant  <address@hidden>
> >
> >     * Create temporary directory under a strict umask
> >     rather than running chmod afterwards, preventing a race
> >     condition where the directory could be replaced with a symbolic
> >     link in the time between the two commands.
> Looks good from here.
Committed to HEAD and branch-1-5.

Now... the tricky question, do we think this should warrant a new

Have you ever, ever felt like this?
Had strange things happen?  Are you going round the twist?

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]