[Fwd: FYI: branch-1-5: fix local denial of service in relink]
James Kosin
jkosin at beta.intcomgrp.com
Tue Dec 20 17:41:33 UTC 2005
Everyone,
Not sure if this interests anyone. I reported it, and the libtool group
responded with a patch for the mktemp file patch supplied by Red Hat.
The group did say it was an open security / DOS (denial of service) problem.
Also, sorry about my email not being signed... Our network went from
workgroup to domain and I lost my gpg signatures. Will have to make new
later.
Thanks,
James Kosin
---- Original Message ----
Date: Sun, 18 Dec 2005 23:51:01 +0100
From: Ralf Wildenhues <Ralf.Wildenhues at gmx.de>
To: libtool-patches at gnu.org
Cc: James Kosin <jkosin at intcomgrp.com>
Subject: FYI: branch-1-5: fix local denial of service in relink (was:
LibTool-1.5.20 Test problems)
Organization: Department of Numerical Simulation, University of Bonn
Applied to branch-1-5 (already fixed in HEAD).
Cheers,
Ralf
* ltmain.in (func_mktempdir): New, backported from HEAD.
(link mode): Use it. Fixes potential denial of service through
malicious other local user.
Reported by James Kosin <jkosin at intcomgrp.com>.
Index: ltmain.in
===================================================================
RCS file: /cvsroot/libtool/libtool/Attic/ltmain.in,v
retrieving revision 1.334.2.113
diff -u -r1.334.2.113 ltmain.in
--- ltmain.in 18 Dec 2005 18:11:06 -0000 1.334.2.113
+++ ltmain.in 18 Dec 2005 18:37:12 -0000
@@ -141,6 +141,43 @@
# Shell function definitions:
# This seems to be the best place for them
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible. If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+ my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+ if test "$run" = ":"; then
+ # Return a directory name, but don't create it in dry-run mode
+ my_tmpdir="${my_template}-$$"
+ else
+
+ # If mktemp works, use that first and foremost
+ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+ if test ! -d "$my_tmpdir"; then
+ # Failing that, at least try and use $RANDOM to avoid a race
+ my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+ save_mktempdir_umask=`umask`
+ umask 0077
+ $mkdir "$my_tmpdir"
+ umask $save_mktempdir_umask
+ fi
+
+ # If we're not in dry-run mode, bomb out on failure
+ test -d "$my_tmpdir" || {
+ $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
+ exit $EXIT_FAILURE
+ }
+ fi
+
+ $echo "X$my_tmpdir" | $Xsed
+}
+
+
# func_win32_libid arg
# return the library type of file 'arg'
#
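Review bot: In the fallback branch of func_mktempdir, success is decided by `test -d "$my_tmpdir"` and not by the exit status of `$mkdir "$my_tmpdir"`, so a directory (or a symlink to one) that another local user created beforehand under the `${my_template}-${RANDOM-0}$$` name passes the check even though mkdir failed, and the caller then works in a directory it does not own. Where $RANDOM is unset the name reduces to a literal 0 followed by the PID, which is no harder to predict than the old `libtool-$$`. Suggest recording the result of `$mkdir` (for example clearing my_tmpdir when it fails) so that the final `test -d` cannot be satisfied by a directory this process did not create. A short comment on the dry-run branch stating that the predictable `${my_template}-$$` name is never created would also help.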
@@ -6095,18 +6132,7 @@
outputname=
if test "$fast_install" = no && test -n "$relink_command"; then
if test "$finalize" = yes && test -z "$run"; then
- tmpdir="/tmp"
- test -n "$TMPDIR" && tmpdir="$TMPDIR"
- tmpdir="$tmpdir/libtool-$$"
- save_umask=`umask`
- umask 0077
- if $mkdir "$tmpdir"; then
- umask $save_umask
- else
- umask $save_umask
- $echo "$modename: error: cannot create temporary directory
\`$tmpdir'" 1>&2
- continue
- fi
+ tmpdir=`func_mktempdir`
file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
outputname="$tmpdir/$file"
# Replace the output file specification.
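Review bot: The replacement line `tmpdir=\`func_mktempdir\`` drops the failure handling that the removed block had (the `continue` after the error message). Because func_mktempdir is called in a command substitution, its `exit $EXIT_FAILURE` only ends the subshell; tmpdir then comes back empty and `outputname="$tmpdir/$file"` becomes a path directly under `/`. Suggest checking the result at the call site, for example `tmpdir=\`func_mktempdir\` || continue`, or a `test -n "$tmpdir"` guard. Two smaller points: with no argument passed, the directory basename changes from `libtool` to `$progname`, and the error message loses its `$modename: error:` prefix; both deserve a line in the ChangeLog entry if intended.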