Bugtraq mailing list archives
Re: Symlink Vulnerability in GNU libtool <1.5.2
From: "Joseph S. Myers" <jsm () polyomino org uk>
Date: Tue, 3 Feb 2004 09:47:46 +0000 (UTC)
On Fri, 30 Jan 2004, Stefan Nordhausen wrote:
Solution: Updating to libtool 1.5.2 (the current stable release) will eliminate the vulnerability. If you want to stick with your old version of libtool you can easily fix this bug yourself. In "ltmain.in" (or file "libtool", whichever applies for you) you should replace the line: if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then : with if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then :
The chmod has a race (that access to the temporary directory could be gained after it is created but before it is chmoded) - which I pointed out when I reported this security bug four years ago <http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405> - so is of limited security value. Alexandre Oliva's patch at that time (<orsnxk8oqu.fsf () garnize lsd ic unicamp br> on libtool-patches) used umask to avoid that problem, but wasn't committed (an entirely separate patch was committed under that log message). -- Joseph S. Myers jsm () polyomino org uk
Current thread:
- Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 02)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Joseph S. Myers (Feb 03)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Scott James Remnant (Feb 04)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 05)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Stefan Nordhausen (Feb 03)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 jsm (Feb 05)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 Joseph S. Myers (Feb 03)