(Install): Warn that you should create

/tmp/staging before installing into it, to avoid security problems.
author: Paul Eggert <eggert@cs.ucla.edu> 2004-07-05 07:07:05 +0000
committer: Paul Eggert <eggert@cs.ucla.edu> 2004-07-05 07:07:05 +0000
commit: abe03dd690b28027cea97532201ec991448537e1 (patch)
tree: 9fa85af4769f94508e192445b6c8f2aafb172320
parent: ac1bc9092242de3e2e791a47bc87d48d841ea540 (diff)
download: automake-abe03dd690b28027cea97532201ec991448537e1.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/automake.texi b/doc/automake.texi
index b4a007b63..0245b13b2 100644
--- a/doc/automake.texi
+++ b/doc/automake.texi
@@ -5258,10 +5258,13 @@ path is prefixed with the value of @samp{DESTDIR} before being copied
 into the install area.  Here is an example of typical DESTDIR usage:
 
 @example
+mkdir /tmp/staging &&
 make DESTDIR=/tmp/staging install
 @end example
 
-This places install objects in a directory tree built under
+The @command{mkdir} command avoids a security problem if the attacker
+creates a symbolic link from @file{/tmp/staging} to a victim area;
+then @command{make} places install objects in a directory tree built under
 @file{/tmp/staging}.  If @file{/gnu/bin/foo} and
 @file{/gnu/share/aclocal/foo.m4} are to be installed, the above command
 would install @file{/tmp/staging/gnu/bin/foo} and
author	Paul Eggert <eggert@cs.ucla.edu>	2004-07-05 07:07:05 +0000
committer	Paul Eggert <eggert@cs.ucla.edu>	2004-07-05 07:07:05 +0000
commit	abe03dd690b28027cea97532201ec991448537e1 (patch)
tree	9fa85af4769f94508e192445b6c8f2aafb172320
parent	ac1bc9092242de3e2e791a47bc87d48d841ea540 (diff)
download	automake-abe03dd690b28027cea97532201ec991448537e1.tar.gz