[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
From: |
Stefano Lattarini |
Subject: |
Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!) |
Date: |
Thu, 12 Jul 2012 22:49:13 +0200 |
On 07/12/2012 08:23 PM, Eric Dorland wrote:
> * Stefano Lattarini (address@hidden) wrote:
>> On 07/10/2012 12:14 AM, Eric Dorland wrote:
>>>
>>> Are older versions of automake also vulnerable?
>>>
>> Yes, all those back to 1.4 (at least). Sorry for not stating that
>> explicitly.
>
> So I'm not obviously finding this vulnerability in automake 1.4. The
> code has changed a lot clearly since then, but I'm not even finding a
> chmod that looks similar. Can anyone confirm this problem is present
> in automake 1.4?
>
------------------
Git Repository
------------------
$ git clone git://git.savannah.gnu.org/automake.git
$ cd automake
$ git checkout Release-1-4-p6
$ git grep -C3 'chmod 777.*distdir'
Makefile.in-distdir: $(DISTFILES)
Makefile.in- -rm -rf $(distdir)
Makefile.in- mkdir $(distdir)
Makefile.in: -chmod 777 $(distdir)
Makefile.in- here=`cd $(top_builddir) && pwd`; \
Makefile.in- top_distdir=`cd $(distdir) && pwd`; \
Makefile.in- distdir=`cd $(distdir) && pwd`; \
--
Makefile.in- test -d $(distdir)/$$subdir \
Makefile.in- || mkdir $(distdir)/$$subdir \
Makefile.in- || exit 1; \
Makefile.in: chmod 777 $(distdir)/$$subdir; \
Makefile.in- (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS)
top_distdir=../$(distdir) distdir=../$(distdir)/$$sub
Makefile.in- || exit 1; \
Makefile.in- fi; \
--
automake.in- # Create dist directory.
automake.in- $output_rules .= ("\t-rm -rf \$(distdir)\n"
automake.in- . "\tmkdir \$(distdir)\n"
automake.in: . "\t-chmod 777 \$(distdir)\n");
automake.in- }
automake.in-
automake.in- # Only run automake in `dist' target if --include-deps and
--
automake.in- . "\t" . ' test -d $(distdir)/$$subdir ' . "\\\n"
automake.in- . "\t" . ' || mkdir $(distdir)/$$subdir ' . "\\\n"
automake.in- . "\t" . ' || exit 1; ' . "\\\n"
automake.in: . "\t" . ' chmod 777 $(distdir)/$$subdir; ' . "\\\n"
automake.in- . "\t" . ' (cd $$subdir'
automake.in- . ' && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$('
automake.in- . (($relative_dir eq '.') ? 'distdir' : 'top_distdir')
------------------------
Distribution Tarball
------------------------
$ wget http://ftp.gnu.org/gnu/automake/automake-1.4-p6.tar.gz
$ tar xaf automake-1.4-p6.tar.gz
$ cd automake-1.4-p6
$ grep -r -C3 'chmod 777.*distdir'
Makefile.in-distdir: $(DISTFILES)
Makefile.in- -rm -rf $(distdir)
Makefile.in- mkdir $(distdir)
Makefile.in: -chmod 777 $(distdir)
Makefile.in- @for file in $(DISTFILES); do \
Makefile.in- d=$(srcdir); \
Makefile.in- if test -d $$d/$$file; then \
--
Makefile.in- test -d $(distdir)/$$subdir \
Makefile.in- || mkdir $(distdir)/$$subdir \
Makefile.in- || exit 1; \
Makefile.in: chmod 777 $(distdir)/$$subdir; \
Makefile.in- (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS)
top_distdir=../$(distdir) distdir=../$(distdir)/$$subdir distdir) \
Makefile.in- || exit 1; \
Makefile.in- fi; \
--
automake.in- # Create dist directory.
automake.in- $output_rules .= ("\t-rm -rf \$(distdir)\n"
automake.in- . "\tmkdir \$(distdir)\n"
automake.in: . "\t-chmod 777 \$(distdir)\n");
automake.in- }
automake.in-
automake.in- # Only run automake in `dist' target if --include-deps and
--
automake.in- . "\t" . ' test -d $(distdir)/$$subdir ' . "\\\n"
automake.in- . "\t" . ' || mkdir $(distdir)/$$subdir ' . "\\\n"
automake.in- . "\t" . ' || exit 1; ' . "\\\n"
automake.in: . "\t" . ' chmod 777 $(distdir)/$$subdir; ' . "\\\n"
automake.in- . "\t" . ' (cd $$subdir'
automake.in- . ' && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$('
automake.in- . (($relative_dir eq '.') ? 'distdir' : 'top_distdir')
HTH,
Stefano
- GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/09
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland, 2012/07/12
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!),
Stefano Lattarini <=
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland, 2012/07/12
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/13
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Diego Elio Pettenò, 2012/07/13
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Stefano Lattarini, 2012/07/13
- Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Eric Dorland, 2012/07/13
Re: GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!), Dmitry V. Levin, 2012/07/10