[Fwd: FYI: branch-1-5: fix local denial of service in relink]

James Kosin jkosin at beta.intcomgrp.com
Tue Dec 20 17:41:33 UTC 2005 

Everyone,

Not sure if this interests anyone.  I reported and the libtool group
responded with a patch for the mktemp file patch supplied by redhat.
The group did say it was an open security / DOS (denial of service) problem.

Also, sorry about my email not being signed...  Our network went from
workgroup to domain and I lost my gpg signatures.  Will have to make new
later.

Thanks,
James Kosin

---- Original Message ----
 From - Mon Dec 19 08:38:06 2005
X-Account-Key: account2
X-UIDL: AAwxUJBAAAQHAoeNlePNMK01LNu50oh5
X-Mozilla-Status: 1003
X-Mozilla-Status2: 00000000
Received: from smtp3.netcologne.de ([194.8.194.66]) by
alpha-two.intcomgrp.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Sun, 18 Dec 2005 17:55:48 -0500
Received: from localhost.localdomain (xdsl-84-44-203-174.netcologne.de
[84.44.203.174])
	by smtp3.netcologne.de (Postfix) with ESMTP id 939B067490;
	Sun, 18 Dec 2005 23:51:01 +0100 (CET)
Received: from ralf by localhost.localdomain with local (Exim 4.50)
	id 1Eo7Mr-0002bz-KH; Sun, 18 Dec 2005 23:51:01 +0100
Date: Sun, 18 Dec 2005 23:51:01 +0100
From: Ralf Wildenhues <Ralf.Wildenhues at gmx.de>
To: libtool-patches at gnu.org
Cc: James Kosin <jkosin at intcomgrp.com>
Subject: FYI: branch-1-5: fix local denial of service in relink (was:
LibTool-1.5.20 Test problems)
Message-ID: <20051218225101.GB5502 at iam.uni-bonn.de>
Mail-Followup-To: libtool-patches at gnu.org,
	James Kosin <jkosin at intcomgrp.com>
References: <4398449F.40205 at intcomgrp.com>
<20051209075900.GD27592 at iam.uni-bonn.de> <43998D8D.40405 at intcomgrp.com>
<20051209141321.GA6796 at iam.uni-bonn.de> <43999790.2030503 at intcomgrp.com>
<20051218192425.GB20871 at iam.uni-bonn.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20051218192425.GB20871 at iam.uni-bonn.de>
Organization: Department of Numerical Simulation, University of Bonn
User-Agent: Mutt/1.5.9i
Return-Path: Ralf.Wildenhues at gmx.de
X-OriginalArrivalTime: 18 Dec 2005 22:55:49.0187 (UTC)
FILETIME=[30471130:01C60426]

Applied to branch-1-5 (already fixed in HEAD).

Cheers,
Ralf

  	* ltmain.in (func_mktempdir): New, backported from HEAD.
  	(link mode): Use it.  Fixes potential denial of service through
  	malicious other local user.
  	Reported by James Kosin <jkosin at intcomgrp.com>.

Index: ltmain.in
===================================================================
RCS file: /cvsroot/libtool/libtool/Attic/ltmain.in,v
retrieving revision 1.334.2.113
diff -u -r1.334.2.113 ltmain.in
--- ltmain.in	18 Dec 2005 18:11:06 -0000	1.334.2.113
+++ ltmain.in	18 Dec 2005 18:37:12 -0000
@@ -141,6 +141,43 @@
  # Shell function definitions:
  # This seems to be the best place for them

+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible.  If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+    my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+    if test "$run" = ":"; then
+      # Return a directory name, but don't create it in dry-run mode
+      my_tmpdir="${my_template}-$$"
+    else
+
+      # If mktemp works, use that first and foremost
+      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+      if test ! -d "$my_tmpdir"; then
+	# Failing that, at least try and use $RANDOM to avoid a race
+	my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+	save_mktempdir_umask=`umask`
+	umask 0077
+	$mkdir "$my_tmpdir"
+	umask $save_mktempdir_umask
+      fi
+
+      # If we're not in dry-run mode, bomb out on failure
+      test -d "$my_tmpdir" || {
+        $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
+	exit $EXIT_FAILURE
+      }
+    fi
+
+    $echo "X$my_tmpdir" | $Xsed
+}
+
+
  # func_win32_libid arg
  # return the library type of file 'arg'
  #
@@ -6095,18 +6132,7 @@
  	  outputname=
  	  if test "$fast_install" = no && test -n "$relink_command"; then
  	    if test "$finalize" = yes && test -z "$run"; then
-	      tmpdir="/tmp"
-	      test -n "$TMPDIR" && tmpdir="$TMPDIR"
-	      tmpdir="$tmpdir/libtool-$$"
-	      save_umask=`umask`
-	      umask 0077
-	      if $mkdir "$tmpdir"; then
-	        umask $save_umask
-	      else
-	        umask $save_umask
-		$echo "$modename: error: cannot create temporary directory
\`$tmpdir'" 1>&2
-		continue
-	      fi
+	      tmpdir=`func_mktempdir`
  	      file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
  	      outputname="$tmpdir/$file"
  	      # Replace the output file specification.




-- 
Scanned by ClamAV - http://www.clamav.net

More information about the fedora-legacy-list mailing list