Bugtraq mailing list archives

Re: Symlink Vulnerability in GNU libtool <1.5.2

From: "Joseph S. Myers" <jsm () polyomino org uk>
Date: Tue, 3 Feb 2004 09:47:46 +0000 (UTC)

On Fri, 30 Jan 2004, Stefan Nordhausen wrote:

Solution:
Updating to libtool 1.5.2 (the current stable release) will eliminate
the vulnerability. If you want to stick with your old version of libtool
you can easily fix this bug yourself. In "ltmain.in" (or file "libtool", 
whichever applies for you) you should replace the line:

if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then :

with

if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then :


The chmod has a race (that access to the temporary directory could be
gained after it is created but before it is chmoded) - which I pointed out
when I reported this security bug four years ago
<http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405> - so is
of limited security value.  Alexandre Oliva's patch at that time
(<orsnxk8oqu.fsf () garnize lsd ic unicamp br> on libtool-patches) used umask
to avoid that problem, but wasn't committed (an entirely separate patch
was committed under that log message).

-- 
Joseph S. Myers
jsm () polyomino org uk

Current thread:

Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 02)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Joseph S. Myers (Feb 03)
  - Re: Symlink Vulnerability in GNU libtool <1.5.2 Scott James Remnant (Feb 04)
  - Re: Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 05)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 03)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 jsm (Feb 05)