diff options
| author | Pavel Raiskup <praiskup@redhat.com> | 2018-03-11 21:47:54 +0100 |
|---|---|---|
| committer | Mathieu Lirzin <mthl@gnu.org> | 2018-03-11 22:18:51 +0100 |
| commit | 968bf9f66e3966d1975295b97539876518ebd2a0 (patch) | |
| tree | 5b61198cb9696340b5976b91a5dcb9834304724c /NEWS | |
| parent | 74902aa24d4c313ab51fa684142d9240f636971a (diff) | |
| download | automake-968bf9f66e3966d1975295b97539876518ebd2a0.tar.gz | |
install-sh: avoid (low risk) race in "/tmp"
Ensure that nobody can cross privilege boundaries by pre-creating
symlink on '$tmpdir' destination directory.
Just testing 'mkdir -p' by creating "/tmp/ins$RANDOM-$$/d" is not safe
because "/tmp" directory is usually world-writeable and
"/tmp/ins$RANDOM-$$" content could be pretty easily guessed by
attacker (at least for shells where $RANDOM is not supported). So, as
the first step, create the "/tmp/ins$RANDOM-$$" without -p. This step
would fail early if somebody wanted catch us.
Systems that implement (and have enabled) fs.protected_symlinks kernel
feature are not affected even without this commit.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760455
https://bugzilla.redhat.com/show_bug.cgi?id=1140725
* lib/install-sh: Implement safer 'mkdir -p' test by running
'$mkdirprog $mkdir_mode "$tmpdir"' first.
* NEWS: Update.
Signed-off-by: Mathieu Lirzin <mthl@gnu.org>
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -66,6 +66,9 @@ New in ?.?.?: * Bugs fixed: + - 'install-sh' now ensures that nobody can cross privilege boundaries by + pre-creating symlink on the directory inside "/tmp". + - 'automake' does not depend on the 'none' subroutine of the List::Util module anymore to support older Perl version. (automake bug#30631) |