Bugtraq mailing list archives
Re: Symlink Vulnerability in GNU libtool <1.5.2
From: Scott James Remnant <scott () netsplit com>
Date: Tue, 03 Feb 2004 20:33:58 +0000
On Tue, 2004-02-03 at 09:47, Joseph S. Myers wrote:
> On Fri, 30 Jan 2004, Stefan Nordhausen wrote:
> > Solution: Updating to libtool 1.5.2 (the current stable release) will eliminate the vulnerability. If you want to stick with your old version of libtool you can easily fix this bug yourself. In "ltmain.in" (or file "libtool", whichever applies for you) you should replace the line:
>
> The chmod has a race (that access to the temporary directory could be gained after it is created but before it is chmoded)
Would this patch be sufficient? Gary et al. okay to apply if it is? ----8<--------8<--------8<--------8<--------8<--------8<--------8<--------8<---- 2003-02-03 Scott James Remnant <scott () netsplit com> * ltmain.in: Create temporary directory under a strict umask rather than running chmod afterwards, preventing a race condition where the directory could be replaced with a symbolic link in the time between the two commands. diff -u -r1.334.2.20 ltmain.in --- ltmain.in 3 Feb 2004 19:55:29 -0000 1.334.2.20 +++ ltmain.in 3 Feb 2004 20:29:07 -0000 @@ -5673,11 +5673,15 @@ tmpdir="/tmp" test -n "$TMPDIR" && tmpdir="$TMPDIR" tmpdir="$tmpdir/libtool-$$" - if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then : + save_umask=`umask` + umask 0077 + if $mkdir "$tmpdir"; then + umask $save_umask else + umask $save_umask $echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2 continue fi file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'` outputname="$tmpdir/$file" # Replace the output file specification. ---->8-------->8-------->8-------->8-------->8-------->8-------->8-------->8---- Scott -- Have you ever, ever felt like this? Had strange things happen? Are you going round the twist?
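Review bot: in the `if $mkdir "$tmpdir"` test the directory name is still the predictable `$tmpdir/libtool-$$`, so the fix rests entirely on `$mkdir` failing when that path already exists (as a file, a directory or a symlink). That deserves a comment in the code, and it is worth confirming that `$mkdir` can never expand to a form with `-p`, since `mkdir -p` succeeds on a directory that someone else created first and the strict umask would then protect nothing. Two smaller points: `umask $save_umask` is repeated in both branches, and restoring it once right after the `$mkdir` call (saving the exit status first) would be harder to break in a later edit; and the ChangeLog entry is dated 2003-02-03 while the diff timestamps say 3 Feb 2004.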