BugTraq
Symlink Vulnerability in GNU libtool <1.5.2 Jan 30 2004 01:14AM
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de) (3 replies)
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 04 2004 05:01AM
jsm polyomino org uk
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 03 2004 11:21AM
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de)
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 03 2004 09:47AM
Joseph S. Myers (jsm polyomino org uk) (2 replies)
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 04 2004 07:10PM
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de)
Re: Symlink Vulnerability in GNU libtool <1.5.2 Feb 03 2004 08:33PM
Scott James Remnant (scott netsplit com)
On Tue, 2004-02-03 at 09:47, Joseph S. Myers wrote:

> On Fri, 30 Jan 2004, Stefan Nordhausen wrote:
> > Solution:
> > Updating to libtool 1.5.2 (the current stable release) will eliminate
> > the vulnerability. If you want to stick with your old version of libtool
> > you can easily fix this bug yourself. In "ltmain.in" (or file "libtool",
> > whichever applies for you) you should replace the line:
> >
> The chmod has a race (that access to the temporary directory could be
> gained after it is created but before it is chmoded)
>
Would this patch be sufficient? Gary et al. okay to apply if it is?

----8<--------8<--------8<--------8<--------8<--------8<--------8<--------8<----
2003-02-03 Scott James Remnant <scott (at) netsplit (dot) com>

* ltmain.in: Create temporary directory under a strict umask
rather than running chmod afterwards, preventing a race
condition where the directory could be replaced with a symbolic
link in the time between the two commands.

diff -u -r1.334.2.20 ltmain.in
--- ltmain.in 3 Feb 2004 19:55:29 -0000 1.334.2.20
+++ ltmain.in 3 Feb 2004 20:29:07 -0000
@@ -5673,11 +5673,15 @@
tmpdir="/tmp"
test -n "$TMPDIR" && tmpdir="$TMPDIR"
tmpdir="$tmpdir/libtool-$$"
- if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then :
+ save_umask=`umask`
+ umask 0077
+ if $mkdir "$tmpdir"; then
+ umask $save_umask
else
+ umask $save_umask
$echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2
continue
fi
file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
outputname="$tmpdir/$file"
# Replace the output file specification.
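
Review bot: In the new `if $mkdir "$tmpdir"; then` block, `umask $save_umask` has to be repeated in both branches, so a later edit that adds another exit path can leave the script running under 0077. Scoping the mask to the one command with a subshell, `(umask 077 && $mkdir "$tmpdir")`, removes `save_umask` and the duplicated restore. The fix also relies on `$mkdir` failing when `$tmpdir` already exists, since the name `libtool-$$` is predictable; a comment here stating that `$mkdir` must not be a `-p` form (which accepts an existing directory) would make that dependency explicit. Separately, the ChangeLog entry is dated 2003-02-03 while the diff headers say 3 Feb 2004.
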
---->8-------->8-------->8-------->8-------->8-------->8-------->8-------->8----

Scott
--
Have you ever, ever felt like this?
Had strange things happen? Are you going round the twist?
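
The approach taken in the patch above (create the directory under a restrictive umask instead of running chmod afterwards), as an added example that is not part of the original message or of libtool. `make_private_tmpdir` and `dir_mode` are hypothetical helpers and all paths are constructed in a scratch directory; the example goes slightly beyond the patch by confining the umask to a subshell and by showing that plain `mkdir` refuses a pre-planted symlink.

```shell
#!/bin/sh
# Added illustration, not libtool code. Helper names are hypothetical.

# Create "$1" as a NEW directory that is mode 0700 from the moment it exists.
# - The umask change lives in a subshell, so the caller's mask is untouched
#   and there is nothing to restore on any exit path.
# - Plain mkdir (no -p) fails with EEXIST if the path already exists,
#   including a symlink (dangling or not) planted by another user.
make_private_tmpdir() {
    dir=$1
    ( umask 077 && mkdir -- "$dir" ) 2>/dev/null || return 1
    # Defence in depth: what we hold must be a real directory, not a link.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    return 0
}

# Octal permission bits of "$1" (GNU stat first, BSD stat as fallback).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo in a subshell body so its umask change does not leak to the caller.
demo() (
    sandbox=$(mktemp -d) || exit 1   # constructed scratch area
    umask 022                        # permissive mask, as in a typical build

    # Case 1: fresh path. Directory appears as 0700; caller's umask stays 022.
    make_private_tmpdir "$sandbox/libtool-1" &&
        echo "created: mode $(dir_mode "$sandbox/libtool-1"), umask $(umask)"

    # Case 2: another user got there first with a symlink. Creation is refused
    # and the link target is left alone.
    mkdir "$sandbox/elsewhere"
    ln -s "$sandbox/elsewhere" "$sandbox/libtool-2"
    make_private_tmpdir "$sandbox/libtool-2" ||
        echo "refused: $sandbox/libtool-2 already exists"

    rm -rf "$sandbox"
)
demo
```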
