libtool-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FYI] Re: Vulnerability in libtool 1.5

From: Gary V . Vaughan
Subject: Re: [FYI] Re: Vulnerability in libtool 1.5
Date: Sun, 4 Jan 2004 20:06:38 +0000 
I have no problem with starting to use shell functions to libtool now,
and infact I think that it is the best way to bring some sanity to the code spaghetti we are trying to maintain. For now, I don't think it is safe to rely on any more advanced shell function features than enumerated parameter passing.
Here's a function (plus a bit of supporting gubbins) excerpted from libtoolize: 

: ${MKDIR="mkdir"}

sed_dirname='s,/[^/]*$,,'

# func_mkdir_p dir
# Make sure the entire path to DIR is available.
func_mkdir_p ()
{
    my_dir=$1
    my_dirs=

    while test ! -d "$my_dir"; do
      my_dirs="$my_dir $my_dirs"
      case $my_dir in */*) ;; *) break ;; esac
      my_dir=`echo "$my_dir" | sed "$sed_dirname"`
    done
   test ! -n "$my_dirs" || $MKDIR $my_dirs
}

Cheers,
        Gary.

On Saturday, January 3, 2004, at 02:44  pm, Scott James Remnant wrote:

+2004-01-03  Stefan Nordhausen  <address@hidden>
+       Scott James Remnant  <address@hidden>
+
+       * m4/ltmain.in: Don't use the mkdir -p option when creating a
+       temporary output directory so a symlink attack can't be used to
+       arbitrarily chmod other directories on the system if libtool
+       gets run as root.


--
Gary V. Vaughan      ())_.  address@hidden,gnu.org}
Research Scientist   ( '/   http://www.oranda.demon.co.uk
GNU Hacker           / )=   http://www.gnu.org/software/libtool
Technical Author   `(_~)_   http://sources.redhat.com/autobook
reply via email to
[Prev in Thread] Current Thread [Next in Thread]