bug-libtool

Re: Symlink Vulnerability in GNU libtool <1.5.2


From: Bob Friesenhahn
Subject: Re: Symlink Vulnerability in GNU libtool <1.5.2
Date: Wed, 4 Feb 2004 16:21:29 -0600 (CST)

On Wed, 4 Feb 2004, Stefan Nordhausen wrote:
>
> But then again this could all just be paranoia. The chmod race is AFAIK
> hardly a risk and the second issue applies to pretty much every shell
> script that doesn't use mktemp.

Paranoia.

> But that's no reason not to fix it. Based on some code from libtool you
> would get:
>
>
>                 tmpdir="/tmp"
>                 test -n "$TMPDIR" && tmpdir="$TMPDIR"
>                 tmpdir="$tmpdir/libtool-$$.RANDOM.$RANDOM.$RANDOM"
>                 (umask 077 && $mkdir "$tmpdir") || {
>                    $echo "some error message" 1>&2
>                    continue
>                 }

You are assuming that $RANDOM is portable and functional across all
Bourne-like shells.

Bob
===
Bob Friesenhahn
address@hidden
http://www.simplesystems.org/users/bfriesen
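
Added example, not part of the thread and not libtool's own code: one way to create a private temporary directory in portable Bourne-style shell without depending on `$RANDOM`. The function name `make_private_tmpdir` and the retry limit are assumptions made for illustration. Safety comes from `mkdir` failing when the name already exists (including as a symlink), not from the name being unguessable.

```shell
# Added example; make_private_tmpdir is a hypothetical helper name.
# Prints the path of a newly created, owner-only directory on stdout.
# Returns 1 if no directory could be created.
make_private_tmpdir() {
    base="${TMPDIR:-/tmp}"
    prefix="${1:-libtool}"

    # Preferred path: mktemp -d chooses an unpredictable name and creates
    # the directory in one step. It is not installed on every system.
    if dir=$( (umask 077 && mktemp -d "$base/$prefix-XXXXXX") 2>/dev/null ) &&
       [ -n "$dir" ] && [ -d "$dir" ]; then
        printf '%s\n' "$dir"
        return 0
    fi

    # Fallback path: mkdir is atomic and refuses an existing name, so a
    # directory or symlink planted in advance makes it fail instead of
    # being reused. umask 077 in the subshell means the directory is
    # created with mode 0700, so there is no window before a later chmod.
    attempt=0
    while [ "$attempt" -lt 10 ]; do
        # ${RANDOM:-0} is "0" in shells that have no $RANDOM; the name is
        # then predictable, which costs retries but not safety.
        dir="$base/$prefix-$$-${RANDOM:-0}-$attempt"
        if (umask 077 && mkdir "$dir") 2>/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
        attempt=$((attempt + 1))
    done

    echo "cannot create a private temporary directory in $base" >&2
    return 1
}
```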




