Bugtraq mailing list archives
Re: Symlink Vulnerability in GNU libtool <1.5.2
From: <jsm () polyomino org uk>
Date: 3 Feb 2004 21:01:50 -0800
ÿþpvheader: wHlck8DhilDjPLXvroKfLXJlqWUwq5UyOUnushJMl2qybE0idTVTOxwv0SiKj/0Vzql9YluLQrH+auHyTPYA9NscnODJl1AR4mHFSW54++mWa390jQ4ShePCufy+SNqqFHKyB0f1GHrsaIHxYKumYMO/M3RcmoEz Content-Class: urn:content-classes:message From: "Joseph S. Myers" <jsm () polyomino org uk> Date: Tue, 3 Feb 2004 21:01:50 -0800 Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq () securityfocus com> List-Help: <mailto:bugtraq-help () securityfocus com> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com> Delivered-To: mailing list bugtraq () securityfocus com Delivered-To: moderator for bugtraq () securityfocus com Sender: "Joseph S. Myers" <jsm () polyomino org uk> Return-Path: <bugtraq-return-12765-mleebert=diversa.com () securityfocus com> On Fri, 30 Jan 2004, Stefan Nordhausen wrote:
Solution: Updating to libtool 1.5.2 (the current stable release) will eliminate the vulnerability. If you want to stick with your old version of libtool you can easily fix this bug yourself. In "ltmain.in" (or file "libtool", whichever applies for you) you should replace the line: if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then : with if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then :
The chmod has a race (that access to the temporary directory could be gained after it is created but before it is chmoded) - which I pointed out when I reported this security bug four years ago <http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405> - so is of limited security value. Alexandre Oliva's patch at that time (<orsnxk8oqu.fsf () garnize lsd ic unicamp br> on libtool-patches) used umask to avoid that problem, but wasn't committed (an entirely separate patch was committed under that log message). -- Joseph S. Myers jsm () polyomino org uk
Current thread:
- Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 02)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Joseph S. Myers (Feb 03)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Scott James Remnant (Feb 04)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 05)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 03)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 jsm (Feb 05)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Joseph S. Myers (Feb 03)