This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: egcs-CVS19980627, mips-sgi-irix6.2 bootstrap problem ...

To: Martin Knoblauch <knobi at rocketmail dot com>
Subject: Re: egcs-CVS19980627, mips-sgi-irix6.2 bootstrap problem ...
From: Alexandre Oliva <oliva at dcc dot unicamp dot br>
Date: 30 Jun 1998 08:03:13 -0300
Cc: law at cygnus dot com, Jim Wilson <wilson at cygnus dot com>, "Kaveh R. Ghazi" <ghazi at caip dot rutgers dot edu>, egcs-bugs at cygnus dot com
References: <19980630085749.16416.rocketmail@web4.rocketmail.com>

Martin Knoblauch <knobi@rocketmail.com> writes:

>> > If it is necessary to drop the extension for
> security reasons, then we have

>  OOOp. What are the security reasons? Just curious.

The way gcc created temporary names was easily predictable, so any
user could manage to overwrite arbitrary files owned by whoever runs
gcc, by creating soft-links from names gcc is likely to use to files
he intended to overwrite.

-- 
Alexandre Oliva
mailto:oliva@dcc.unicamp.br mailto:aoliva@acm.org
http://www.dcc.unicamp.br/~oliva
Universidade Estadual de Campinas, SP, Brasil

Follow-Ups:
- Re: egcs-CVS19980627, mips-sgi-irix6.2 bootstrap problem ...
  - From: Jeffrey A Law

References:
- Re: egcs-CVS19980627, mips-sgi-irix6.2 bootstrap problem ...
  - From: Martin Knoblauch

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]