This is the mail archive of the automake@gnu.org mailing list for the automake project.
Re: libtool /tmp security
- To: earnie_boyd at yahoo dot com
- Subject: Re: libtool /tmp security
- From: Akim Demaille <akim at epita dot fr>
- Date: 15 Mar 2000 15:15:32 +0100
- Cc: Alexandre Oliva <oliva at lsd dot ic dot unicamp dot br>, "Gary V. Vaughan" <gary at oranda dot demon dot co dot uk>, "Joseph S. Myers" <jsm28 at cam dot ac dot uk>, bug-libtool at gnu dot org, autoconf at gnu dot org, automake at gnu dot org
- References: <20000315140826.28263.qmail@web109.yahoomail.com>
>>>>> "Earnie" == Earnie Boyd <earnie_boyd@yahoo.com> writes:
Earnie> --- Akim Demaille <akim@epita.fr> wrote: -8<-
>> As for mkdir -m, it seems to me that
>>
>> (umask 700 && mkdir /tmp/foo)
Grmph, 077.
>>
>> is just fine.
>>
Earnie> -8<-
Earnie> Why use /tmp at all? Since autoconf is for portability you
Earnie> can't really assume that /tmp exists. Why not simply create a
Earnie> temporary directory in the current working directory? IMO
Earnie> this would handle any security issues as well as any race
Earnie> issues.
Let it be for speed issues, I'm in favor of /tmp via TMPDIR. This
should be portable enough, and testing it beforehand is OK.
Now, if experts consider this is a security hole...
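
The approach discussed in this message, as an added example that is not part of the original e-mail: a POSIX sh function that creates a private scratch directory under TMPDIR with the `(umask 077 && mkdir ...)` idiom, tests the base directory beforehand, and falls back to the current directory as the quoted question suggests. The function name `make_private_tmpdir`, its prefix argument and the retry count are assumptions made for illustration.

```shell
# Added example: private scratch directory under ${TMPDIR:-/tmp}.
# make_private_tmpdir and its optional prefix argument are hypothetical names.
make_private_tmpdir() {
    prefix=${1:-lt}
    base=${TMPDIR:-/tmp}

    # Test the base directory beforehand; if it is missing or not
    # writable, fall back to the current working directory.
    if [ ! -d "$base" ] || [ ! -w "$base" ]; then
        base=.
    fi

    i=0
    while [ "$i" -lt 10 ]; do
        dir=$base/$prefix$$-$i
        # mkdir fails when the name already exists, whether as a file, a
        # directory or a symlink (it does not follow a final symlink), so
        # an entry planted by another user is never reused. The umask is
        # set in a subshell, so the caller's umask is untouched, and the
        # directory is mode 0700 from the moment it is created.
        if (umask 077 && mkdir "$dir") 2>/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
        # The name is predictable, so another local user can make an
        # attempt fail by occupying it; try the next name instead.
        i=$((i + 1))
    done

    # All candidate names were taken: report failure rather than
    # falling back to an existing directory.
    return 1
}
```
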