bug-libtool
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Symlink Vulnerability in GNU libtool <1.5.2

From: Gary V . Vaughan
Subject: Re: Symlink Vulnerability in GNU libtool <1.5.2
Date: Tue, 3 Feb 2004 21:49:11 +0000 
On Tuesday, February 3, 2004, at 08:33  pm, Scott James Remnant wrote:

On Tue, 2004-02-03 at 09:47, Joseph S. Myers wrote:

The chmod has a race (that access to the temporary directory could be
gained after it is created but before it is chmoded)


Would this patch be sufficient?  Gary et al. okay to apply if it is?

2003-02-03  Scott James Remnant  <address@hidden>

        * ltmain.in: Create temporary directory under a strict umask
        rather than running chmod afterwards, preventing a race
        condition where the directory could be replaced with a symbolic
        link in the time between the two commands.


Looks good from here.

Cheers,
        Gary.
--
Gary V. Vaughan      ())_.  address@hidden,gnu.org}
Research Scientist   ( '/   http://www.oranda.demon.co.uk
GNU Hacker           / )=   http://www.gnu.org/software/libtool
Technical Author   `(_~)_   http://sources.redhat.com/autobook
reply via email to
[Prev in Thread] Current Thread [Next in Thread]