automake

Re: Security vulnerability in automake


From: Lawrence Teo
Subject: Re: Security vulnerability in automake
Date: Fri, 07 Jun 2002 21:03:33 -0400

> Likewise, having a "hardened" config.guess file would not necessarily
> prevent symlink attacks, but it'll definitely make it much harder for an
> attacker to exploit it, even if the admin is sloppy.

> An attacker is hardly likely to distribute a "hardened" config.guess

Of course the attacker won't distribute a hardened config.guess. But look at my attack example shown in my reply to Allan's mail:

http://mail.gnu.org/pipermail/automake/2002-June/011190.html

That attack does *not* require an attacker to distribute a hardened config.guess, or change the original source code of the package in any way.

Lawrence
