This is the mail archive of the automake@gnu.org mailing list for the automake project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Security vulnerability in automake

From: Bruce Korb <bkorb at pacbell dot net>
To: Allan Clark <allanc at caldera dot com>
Cc: automake at gnu dot org
Date: Fri, 07 Jun 2002 13:36:59 -0700
Subject: Re: Security vulnerability in automake
References: <F129fZXaL8xKtm4I6eM00011d0c@hotmail.com> <3D030FB1.2040702@caldera.com>

Allan Clark wrote:
> 
> This is really not an issue;

There are a lot of sloppy people around.
I had a make check test divert its output to /dev/null,
only the test also changed the permissions of the output
file, too.  Someone complained that /dev/null became r--r--r--.
It might be useful to choke on non-install targets when
the uid is zero?  *sigh*  "If it hurts, don't do it."  :-)

References:
- Security vulnerability in automake
  - From: Lawrence Teo
- Re: Security vulnerability in automake
  - From: Allan Clark

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]