RE: Symlink Vulnerability in GNU libtool <1.5.2

bug-libtool

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Symlink Vulnerability in GNU libtool <1.5.2

From:	Muders, Thomas
Subject:	RE: Symlink Vulnerability in GNU libtool <1.5.2
Date:	Thu, 5 Feb 2004 14:05:28 +0100

Hello,

> Hm, interesting. That is the exact same bug that I found. As for the
> race with chmod: Do you know of a really good way to exploit 
> this one? I
> can only think of pretty harmless things to do with this. You 
> could fix
> this by using something like:
> 
> (umask 077 && mkdir $tmpdir) || exit 1
> 

there is an option "-m" for mkdir which sets the mode on creation. That makes 
sense, anyway, as the syscall for mkdir has a "mode" argument, too.

Or are there portability issues with that one?

regards,
        Thomas

--
address@hidden        |  Johannes Gutenberg-Universität Mainz
Systemabteilung/Unix       |         Zentrum für Datenverarbeitung
Tel: +49-6131-39-26015     |                           55099 Mainz
Fax: +49-6131-39-56015     |                 Tel: +49-6131-3926300

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Symlink Vulnerability in GNU libtool <1.5.2, Joseph S. Myers, 2004/02/03
- Re: Symlink Vulnerability in GNU libtool <1.5.2, Scott James Remnant, 2004/02/03
  - Re: Symlink Vulnerability in GNU libtool <1.5.2, Gary V . Vaughan, 2004/02/03
- Re: Symlink Vulnerability in GNU libtool <1.5.2, Stefan Nordhausen, 2004/02/04
  - Re: Symlink Vulnerability in GNU libtool <1.5.2, Bob Friesenhahn, 2004/02/04
    - Re: Symlink Vulnerability in GNU libtool <1.5.2, Stefan Nordhausen, 2004/02/06
- Re: Symlink Vulnerability in GNU libtool <1.5.2, jsm, 2004/02/04
- RE: Symlink Vulnerability in GNU libtool <1.5.2, Muders, Thomas <=

Prev by Date: Re: BUG: library type search order
Next by Date: Re: libtool-1.5.2 fails when there's a ~ in CC
Previous by thread: Re: Symlink Vulnerability in GNU libtool <1.5.2
Next by thread: compilation failed
Index(es):
- Date
- Thread