Re: Security patch for gettext-0.11.5/ltmain.sh

bug-libtool

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security patch for gettext-0.11.5/ltmain.sh

From:	Paul Eggert
Subject:	Re: Security patch for gettext-0.11.5/ltmain.sh
Date:	Wed, 18 Sep 2002 14:25:18 -0700 (PDT)

> From: Bruno Haible <address@hidden>
> Date: Wed, 18 Sep 2002 22:28:16 +0200 (CEST)
> 
> It is platform dependent. On some platforms (like HP-UX and AIX)
> "make install" does require write access to the .libs directories.

Still, it is a security hole to create world-writeable directories.

Here's an idea for improving things.  If "make install" detects that
it lacks write access to a local .libs directory owned by user U, it
does something like this:

  echo 'I lack write access to directory foo/bar/.libs, which is owned by U.'
  echo 'Please enter U's password to complete the installation:'
  su U -c 'command that needs write access to foo/bar/.libs'

That way, there is never an instant when a directory is world-writeable.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Security patch for gettext-0.11.5/ltmain.sh, Bruno Haible, 2002/09/17
- Re: Security patch for gettext-0.11.5/ltmain.sh, Andrew V. Samoilov, 2002/09/17
  - Re: Security patch for gettext-0.11.5/ltmain.sh, Bruno Haible, 2002/09/18
    - Re: Security patch for gettext-0.11.5/ltmain.sh, Paul Eggert <=
    - Re: Security patch for gettext-0.11.5/ltmain.sh, Bruno Haible, 2002/09/19

Prev by Date: Re: Security patch for gettext-0.11.5/ltmain.sh
Next by Date: Re: Security patch for gettext-0.11.5/ltmain.sh
Previous by thread: Re: Security patch for gettext-0.11.5/ltmain.sh
Next by thread: Re: Security patch for gettext-0.11.5/ltmain.sh
Index(es):
- Date
- Thread