    Commit

  • Hash : bab7065f
    Author : Stefano Lattarini
    Date : 2012-07-06T22:43:04

    distcheck: never make part of $(distdir) world-writable
    
    This fixes a locally-exploitable security vulnerability (CVE-2012-3386).
    
    In the 'distcheck' rule, we used to make the just-extracted (from
    the distribution tarball) $(distdir) directory and all its files and
    subdirectories read-only; then, in order to create the '_inst' and
    '_build' subdirectories in there (used by the rest of the recipe) we
    made the top-level $(distdir) *world-writable* for an instant (the
    time to create those two directories) before making it read-only
    again.
    
    Making that directory world-writable (albeit only briefly) introduced a
    locally exploitable race condition for those who run "make distcheck" with
    a non-restrictive umask (e.g., 022) in a directory that is accessible by
    others.  A successful exploit would result in arbitrary code execution
    with the privileges of the user running "make distcheck" -- game over.
    Jim Meyering wrote a proof-of-concept script showing that such an exploit
    is easily implemented.
    
    This issue is similar to the CVE-2009-4029 vulnerability:
    <http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html>
    
    * lib/am/distdir.am (distcheck): Don't make $(distdir) world-writable,
    not even for an instant; make it user-writable instead, which is enough.
    
    Helped-By: Jim Meyering <jim@meyering.net>
    Signed-off-by: Stefano Lattarini <stefano.lattarini@gmail.com>
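
The permission sequence the commit message describes, replayed as an added example (not Automake's code and not part of this commit): it runs the read-only, reopen, read-only steps on a constructed temporary directory and reports whether the top-level directory is world-writable while it is open. The directory name `pkg-1.0` and the helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed stand-in for the distcheck permission sequence.
# Directory and helper names are hypothetical, not taken from lib/am/distdir.am.

# perms DIR -> print the ten-character mode string, e.g. drwxr-xr-x
perms() { ls -ld "$1" | cut -c1-10; }

# world_writable MODESTRING -> exit 0 if "other" has write permission
world_writable() {
  case $1 in
    ????????w?) return 0 ;;
    *) return 1 ;;
  esac
}

# run_sequence OPENMODE -> print "<mode while open> <mkdir result> <mode at end>"
#   a+w = what the commit message says the rule used to do
#   u+w = what the commit message says the rule does now
run_sequence() {
  open_mode=$1
  work=$(mktemp -d) || return 1
  distdir=$work/pkg-1.0            # constructed stand-in for $(distdir)
  mkdir -p "$distdir/src"
  chmod 755 "$distdir" "$distdir/src"
  chmod -R a-w "$distdir"          # extracted tree made read-only
  chmod "$open_mode" "$distdir"    # reopened to create the work directories
  during=$(perms "$distdir")
  if mkdir "$distdir/_inst" "$distdir/_build" 2>/dev/null; then
    made=ok
  else
    made=failed
  fi
  chmod a-w "$distdir"             # read-only again
  after=$(perms "$distdir")
  chmod -R u+w "$work" && rm -rf "$work"
  printf '%s %s %s\n' "$during" "$made" "$after"
}

# Report both variants: the subdirectories are created either way, but only
# a+w leaves a window in which other local users can write into the directory.
for m in a+w u+w; do
  set -- $(run_sequence "$m")
  if world_writable "$1"; then w=yes; else w=no; fi
  echo "chmod $m: open=$1 mkdir=$2 closed=$3 world-writable-while-open=$w"
done
```
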