| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Feb 2004 09:47:46 +0000 (UTC) From: "Joseph S. Myers" <jsm@...yomino.org.uk> To: bugtraq@...urityfocus.com, bug-libtool@....org Subject: Re: Symlink Vulnerability in GNU libtool <1.5.2 On Fri, 30 Jan 2004, Stefan Nordhausen wrote: > Solution: > Updating to libtool 1.5.2 (the current stable release) will eliminate > the vulnerability. If you want to stick with your old version of libtool > you can easily fix this bug yourself. In "ltmain.in" (or file "libtool", > whichever applies for you) you should replace the line: > > if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then : > > with > > if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then : The chmod has a race (that access to the temporary directory could be gained after it is created but before it is chmoded) - which I pointed out when I reported this security bug four years ago <http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405> - so is of limited security value. Alexandre Oliva's patch at that time (<orsnxk8oqu.fsf@...nize.lsd.ic.unicamp.br> on libtool-patches) used umask to avoid that problem, but wasn't committed (an entirely separate patch was committed under that log message). -- Joseph S. Myers jsm@...yomino.org.uk
Powered by blists - more mailing lists