Lawrence Teo writes: > I was learning Automake last night, and I think I found a security > vulnerability. I'm not sure if this is already known, but I couldn't > find it on Bugtraq. The security vulnerability is the insecure > creation of temporary files in the config.guess script which leads > to a race condition. The config.* files are maintained separately from automake AFAIK.
> In the config.guess script, there's a line that says: [standard temp file symlink attack] > My recommendations are: > > 1. Check if the dummy file exists. If it does, append a number to > it. If that still exists, keep changing that number until we > come up with a filename that does not already exist (this is > similar to mutt's temporary files /tmp/mutt-HOSTNAME-PID-SOMENUM); > or > > 2. Use a random hash value instead of the process ID ($$), which > would be the preferred alternative. However, I don't know how > feasible it is to do this in a simple, portable way that's > consistent with Automake. I believe a better way would be to create the temp files in a newly created chmod 700'd directory under /tmp. Maybe combined with 2.
