[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FYI] Re: Vulnerability in libtool 1.5
From: |
Gary V . Vaughan |
Subject: |
Re: [FYI] Re: Vulnerability in libtool 1.5 |
Date: |
Sun, 4 Jan 2004 20:06:38 +0000 |
I have no problem with starting to use shell functions to libtool now,
and infact I think that it is the best way to bring some sanity to the
code spaghetti we are trying to maintain. For now, I don't think it is
safe to rely on any more advanced shell function features than
enumerated parameter passing.
Here's a function (plus a bit of supporting gubbins) excerpted from
libtoolize:
: ${MKDIR="mkdir"}
sed_dirname='s,/[^/]*$,,'
# func_mkdir_p dir
# Make sure the entire path to DIR is available.
func_mkdir_p ()
{
my_dir=$1
my_dirs=
while test ! -d "$my_dir"; do
my_dirs="$my_dir $my_dirs"
case $my_dir in */*) ;; *) break ;; esac
my_dir=`echo "$my_dir" | sed "$sed_dirname"`
done
test ! -n "$my_dirs" || $MKDIR $my_dirs
}
Cheers,
Gary.
On Saturday, January 3, 2004, at 02:44 pm, Scott James Remnant wrote:
+2004-01-03 Stefan Nordhausen <address@hidden>
+ Scott James Remnant <address@hidden>
+
+ * m4/ltmain.in: Don't use the mkdir -p option when creating a
+ temporary output directory so a symlink attack can't be used to
+ arbitrarily chmod other directories on the system if libtool
+ gets run as root.
--
Gary V. Vaughan ())_. address@hidden,gnu.org}
Research Scientist ( '/ http://www.oranda.demon.co.uk
GNU Hacker / )= http://www.gnu.org/software/libtool
Technical Author `(_~)_ http://sources.redhat.com/autobook