This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Security patch for toplevel configure
- To: <gcc-patches at gcc dot gnu dot org>
- Subject: Security patch for toplevel configure
- From: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
- Date: Mon, 1 Oct 2001 22:28:52 +0100 (BST)
The toplevel configure script handles temporary files insecurely, with
temporary file names depending only on the pid that may be overridden
through symlinks. This patch fixes this problem by creating a
temporary directory using mkdir (since at this point we don't know
whether the mktemp command is available) - so making it secure except
on any broken systems allowing mkdir through a symlink.

It passes configure. OK to commit to mainline and 3.0 branch?

Note: if approved, this should also be applied to the src repository,
to which I don't have write access, possibly including any active
release branches there, and to the 2.95 branch, which I don't have a
checked out tree of and where a slight adjustment to the patch will be
needed since the temporary file name there was cONf$$ not cNf$$.

2001-10-01 Joseph S. Myers <jsm28@cam.ac.uk>
* configure: Handle temporary files securely using mkdir.
--- configure 2001/05/23 17:24:49 1.36
+++ configure 2001/10/01 21:09:33
@@ -3,7 +3,7 @@
### WARNING: this file contains embedded tabs. Do not run untabify on this file.
# Configuration script
-# Copyright (C) 1988, 90, 91, 92, 93, 94, 95, 96, 97, 98, 1999
+# Copyright (C) 1988, 90, 91, 92, 93, 94, 95, 96, 97, 98, 1999, 2000, 2001
# Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
@@ -663,13 +663,15 @@
esac
# keep this filename short for &%*%$*# 14 char file names and 8+3 file names
-tmpfile=${TMPDIR}/cNf$$
+tmpdir=${TMPDIR}/cNf$$
+mkdir ${tmpdir} || exit 1
+tmpfile=${tmpdir}/cNf$$
# Note that under many versions of sh a trap handler for 0 will *override* any
# exit status you explicitly specify! At this point, the only non-error exit
# is at the end of the script; these actions are duplicated there, minus
# the "exit 1". Don't use "exit 0" anywhere after this without resetting the
# trap handler, or you'll lose.
-trap "rm -f Makefile.tem ${tmpfile}.com ${tmpfile}.tgt ${tmpfile}.hst ${tmpfile}.pos; exit 1" 0 1 2 15
+trap "rm -rf Makefile.tem ${tmpdir}; exit 1" 0 1 2 15
# split ${srcdir}/configure.in into common, per-host, per-target,
# and post-target parts. Post-target is optional.
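Review bot: The added `mkdir ${tmpdir} || exit 1` creates the directory with whatever umask the caller happens to have, so under a permissive umask other local users could read or create entries inside it, which weakens the protection the directory is meant to provide. Consider `(umask 077 && mkdir "${tmpdir}") || exit 1`. The ordering is right as it stands: the trap is installed only after mkdir has succeeded, so a failed mkdir never leads to `rm -rf` on a directory someone else created.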
@@ -696,7 +698,7 @@
# Perform the same cleanup as the trap handler, minus the "exit 1" of course,
# and reset the trap handler.
trap 0
- rm -f Makefile* ${tmpfile}.com ${tmpfile}.tgt ${tmpfile}.hst ${tmpfile}.pos
+ rm -rf Makefile* ${tmpdir}
# Execute the final clean-up actions
${config_shell} skip-this-dir
# and stop configuring this directory.
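Review bot: In `rm -rf Makefile* ${tmpdir}` the switch from -f to -rf also applies to the `Makefile*` glob, so a directory in the build directory whose name starts with Makefile would now be removed recursively where it was previously left alone. Keeping `rm -f Makefile*` and adding a separate `rm -rf ${tmpdir}` limits the recursive delete to the directory the script itself created.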
@@ -1600,7 +1602,7 @@
# Perform the same cleanup as the trap handler, minus the "exit 1" of course,
# and reset the trap handler.
-rm -f ${tmpfile}.com ${tmpfile}.tgt ${tmpfile}.hst ${tmpfile}.pos
+rm -rf ${tmpdir}
trap 0
exit 0
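Review bot: `rm -rf ${tmpdir}` expands the variable unquoted, and its value is built from TMPDIR, so a TMPDIR containing whitespace or glob characters would be split into several arguments to a recursive delete. The old `rm -f` split the same way but could only unlink files. Quoting it as `rm -rf "${tmpdir}"` here, and quoting the mkdir argument where the directory is created, avoids this.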
--
Joseph S. Myers
jsm28@cam.ac.uk
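
Added example, not part of the original message or of GCC's configure: the mkdir-based approach described in the message, written as a POSIX sh function and run against a constructed pre-planted symlink. The function names are hypothetical, and the umask and quoting are additions; only the cNf$$ name comes from the patch.

```shell
# Create a private scratch directory named cNf<pid> under $1
# (default: $TMPDIR, else /tmp) and print its path.
# mkdir fails if the name already exists as a file, directory or symlink,
# so a name planted in advance is refused instead of being followed.
make_private_tmpdir() {
    base=${1:-${TMPDIR:-/tmp}}
    dir="$base/cNf$$"
    # umask 077 inside a subshell: the directory is created mode 0700
    # without changing the caller's umask.
    (umask 077 && mkdir "$dir") 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# Constructed demonstration: plant a symlink at the predictable name
# inside a sandbox directory, then try to create the scratch directory there.
# Prints "refused" when mkdir declines to use the planted name.
demo_preplanted_symlink() {
    sandbox=$(make_private_tmpdir) || return 2
    victim="$sandbox/victim"
    : > "$victim"                        # file the symlink points at
    ln -s "$victim" "$sandbox/cNf$$"     # predictable name, planted first
    if make_private_tmpdir "$sandbox" >/dev/null; then
        result=followed
    elif [ -f "$victim" ] && [ ! -s "$victim" ]; then
        result=refused                   # victim untouched, creation refused
    else
        result=damaged
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

demo_preplanted_symlink
```
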