On Mar 13, 2000, Akim Demaille <[EMAIL PROTECTED]> wrote:
>>>>>> "Joseph" == Joseph S Myers <[EMAIL PROTECTED]> writes:
Joseph> The problems with temporary file security in autoconf's shell
Joseph> scripts (predictable file names in /tmp, opened without
Joseph> O_EXCL) have been well known for a long time, though it seems
Joseph> still not fixed in CVS.
> Pff, in addition to portability issues you want us to address
> security... :(
Yep, that's a very important concern. We don't want people to start
spreading word that autoconf introduces security holes in your
software.
> How dangerous are those ``holes'', really?
How would you like someone else to be able to cause you to unknowingly
overwrite your .profile or Web page? It's just a matter of their
creating a link from /tmp/conftest9012345 to your file they want to
overwrite and waiting for you to configure some package that tests for
long filenames.
Moreover, there's another problem: any user may simply touch
/tmp/conftest9012345 and cause autoconf to think long filenames are
not supported, unless the user sets TMPDIR to something other than
/tmp. No good.
> What would you suggest?
At the very least, we should make it harder for one to guess the name
of the files we use for the test, by using the PID instead of a fixed
filename. A better solution would be to create a unique subdirectory
in /tmp in which we create the files to perform this test. We should
not accept a pre-existing directory, i.e., we must attempt to create
directories with different names until mkdir succeeds.
There would still be security concerns, such as /tmp being
world-writable, so that anyone would be able to rename our unique
directory and create another one under their control, but that's not
something we should be expected to work around in shell-scripts;
having /tmp with the sticky bit enabled takes care of this problem,
and most systems are configured as such.
--
Alexandre Oliva http://www.ic.unicamp.br/~oliva/ Enjoy Guaraná
Cygnus Solutions, a Red Hat company aoliva@{redhat, cygnus}.com
Free Software Developer and Evangelist CS PhD student at IC-Unicamp
oliva@{lsd.ic.unicamp.br, gnu.org} Write to mailing lists, not to me
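
The suggestion in the message above (a fresh subdirectory in /tmp, never a pre-existing one, trying new names until mkdir succeeds), written out as an added example that is not part of the original message and is not autoconf's code. The function names `conf_mktempdir` and `conf_demo`, the sandbox layout, and the retry limit of 100 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not autoconf's code. conf_mktempdir and conf_demo are
# hypothetical names; the retry limit of 100 is an arbitrary assumption.

# conf_mktempdir [BASE] [PREFIX]
# Prints the path of a directory this call created under BASE.
# mkdir fails if the name already exists as a file, a directory or a
# symlink (even a dangling one), so success proves we created it.
# "mkdir -p" must not be used: it succeeds on a pre-existing directory.
conf_mktempdir() {
  base=${1:-${TMPDIR:-/tmp}}
  prefix=${2:-conftest}
  n=0
  while [ "$n" -lt 100 ]; do
    dir="$base/$prefix$$-$n"
    # umask 077 in a subshell: the directory is created owner-only.
    if (umask 077 && mkdir "$dir") 2>/dev/null; then
      printf '%s\n' "$dir"
      return 0
    fi
    n=$((n + 1))          # name taken: try the next one, never reuse it
  done
  echo "conf_mktempdir: no private directory could be created in $base" >&2
  return 1
}

# Constructed demo: the first two candidate names are already taken, one
# by a symlink to a file we care about and one by a directory, as any
# local user could arrange in a shared /tmp.
conf_demo() {
  sandbox=$(conf_mktempdir "${TMPDIR:-/tmp}" sandbox) || return 1
  echo original > "$sandbox/victim"
  ln -s "$sandbox/victim" "$sandbox/conftest$$-0"
  mkdir "$sandbox/conftest$$-1"
  got=$(conf_mktempdir "$sandbox" conftest) || return 1
  : > "$got/conftest9012345"   # test files now live inside our directory
  echo "created: ${got#"$sandbox"/}; victim still: $(cat "$sandbox/victim")"
  rm -rf "$sandbox"
}

conf_demo
```

As the message notes, this relies on /tmp having the sticky bit set; without it another user could rename the directory after it is created.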