Re: Security vulnerability in automake (understood, agreed)

2002-06-10 Thread Allan Clark
Lawrence; I see that the key here is that the attacker is a user with local access to a system (be it by login, security hole in another binary giving shell access as that binary's user, etc). The admin merely runs the innocent package, and due to the attacker's symlinks, causes damage to his ow

Patch to harden config.guess [was Re: Security vulnerability in automake]

2002-06-10 Thread Lawrence Teo
Here's a patch that I wrote to address that security "hole" in config.guess. I sent it to [EMAIL PROTECTED] on June 4, 2002 but have not heard from them since. The patch works with GNU config.guess 2002-05-29, available at ftp://ftp.gnu.org/pub/gnu/config/config.guess The patch tries to ensure

Re: Security vulnerability in automake

2002-06-10 Thread Lawrence Teo
>Effort to reduce this kind of a security "hole" are quite fruitless, so
>long as I or anyone can build a ./configure that will simply "rm -fr /*";

Please correct me if I'm wrong, but doesn't that again inaccurately assume what David pointed out: that the attacker and distributor/provider are

Automake 1.6.1b

2002-06-10 Thread Alexandre Duret-Lutz
Hi! Here is a snapshot of the 1.6 branch of Automake. ftp://sources.redhat.com/pub/automake/automake-1.6.1b.tar.gz ftp://sources.redhat.com/pub/automake/automake-1.6.1b.tar.bz2 Please test it and report any problem you have, so we can release 1.6.2 soon. New in 1.6.1b: * Many bug fixe

Re: Security vulnerability in automake

2002-06-10 Thread Allan Clark
Effort to reduce this kind of a security "hole" are quite fruitless, so long as I or anyone can build a ./configure that will simply "rm -fr /*"; nevertheless, I do support David's comment:
> 2. A non-root mindset should be encouraged. Indeed, I'd support a case
> for a default of "if root th

Re: Security vulnerability in automake

2002-06-10 Thread David Lee
On Sat, 8 Jun 2002, Bernd Jendrissek wrote:
> On Fri, Jun 07, 2002 at 04:50:23PM -0400, Lawrence Teo wrote:
> > My point is, if config.guess can be hardened against such potential symlink
> > attacks, why shouldn't it be? Of course, it would be great to educate all
> > admins not to build stuff

Re: Including pre-defined .mk files

2002-06-10 Thread Frederico Faria
They aren't created by configure. These are Makefiles of a third-party product that I want to link with my application. Thank you, Frederico Faria.
Alexandre Duret-Lutz wrote:
>
> >>> "Frederico" == Frederico Faria <[EMAIL PROTECTED]> writes:
>
> Frederico> I have any .mk files that

object files

2002-06-10 Thread Baris Simsek
this may be related with automake, sorry i got this error gcc -g -O2 -o isoqlog Data.o Dir.o Html.o ... gcc: Data.o: No such file or directory ... gcc: No input files specified *** Error code 1 what is wrong? Makefile.am -- bin_PROGRAMS = isoqlog isoqlog_SOURCES = Data.c Dir.c