This is the mail archive of the
automake@gnu.org
mailing list for the automake project.
Re: libtool /tmp security
- To: Akim Demaille <akim at epita dot fr>
- Subject: Re: libtool /tmp security
- From: Earnie Boyd <earnie_boyd at yahoo dot com>
- Date: Wed, 15 Mar 2000 06:31:24 -0800 (PST)
- Cc: Alexandre Oliva <oliva at lsd dot ic dot unicamp dot br>, "Gary V. Vaughan" <gary at oranda dot demon dot co dot uk>, "Joseph S. Myers" <jsm28 at cam dot ac dot uk>, bug-libtool at gnu dot org, autoconf at gnu dot org, automake at gnu dot org
- Reply-To: earnie_boyd at yahoo dot com
--- Akim Demaille <akim@epita.fr> wrote:
> >>>>> "Earnie" == Earnie Boyd <earnie_boyd@yahoo.com> writes:
>
> Earnie> --- Akim Demaille <akim@epita.fr> wrote: -8<-
> >> As for mkdir -m, it seems to me that
> >>
> >> (umask 700 && mkdir /tmp/foo)
>
> Grmph, 077.
>
> >>
> >> is just fine.
> >>
> Earnie> -8<-
>
> Earnie> Why use /tmp at all? Since autoconf is for portibility you
> Earnie> can't really assume that /tmp exists. Why not simply create a
> Earnie> temporary directory in the current working directory? IMO
> Earnie> this would handle any security issues as well as any race
> Earnie> issues.
>
> Let it be for speed issues, I'm in favor of /tmp via TMPDIR. This
> should be portable enough, and testing it beforehand is OK.
>
> Now, if experts consider this is a security hole...
You missed the point; /tmp isn't portable, it doesn't always exist (E.G.: MSDOS
or WINDOWS). At least with TMPDIR I can set it to be whatever I want it to be.
If you want speed do mkdir ./foo instead of mkdir -m /tmp/foo.
=====
---
Earnie Boyd: <mailto:earnie_boyd@yahoo.com>
__Cygwin: POSIX on Windows__
Cygwin Newbies: <http://www.freeyellow.com/members5/gw32/index.html>
__Minimalist GNU for Windows__
Mingw32 List: <http://www.egroups.com/group/mingw32/>
Mingw Home: <http://www.mingw.org/>
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com