[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: autoconf potential bug...

From: Ben Pfaff
Subject: Re: autoconf potential bug...
Date: Tue, 09 Mar 2004 11:02:34 -0800
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

Shaun Colley <address@hidden> writes:


> Maybe this is well-known, but when "configure" scripts
> made with autoconf are writing to temp files, they
> sometimes don't check if the file is a symlink (or so
> it seemed to me), so doesn't this present itself as a
> security vulnerability?
> As an example, I created a symlink called
> 'config.cache' in the directory of the package I was
> installing, and linked it to /etc/bleh.  [...]

Why would an attacker have permission to write into your
directory?  Temporary file vulnerabilities generally involve
shared directories, like /tmp, not private directories.
Ben Pfaff 
email: address@hidden
web: http://benpfaff.org

reply via email to

[Prev in Thread] Current Thread [Next in Thread]