Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 May 2012 19:41:10 +0400
From: Solar Designer <>
Subject: Re: configure script for musl (?!)

On Wed, May 02, 2012 at 11:39:03AM -0400, Rich Felker wrote:
> On Wed, May 02, 2012 at 07:05:43PM +0400, Solar Designer wrote:
> > I think the biggest problem here is in the failure mode.  In the draft
> > script you posted, if "set -C" fails the script will proceed to
> > potentially clobber a file via a (sym)link provided by another user, or
> > it may use a FIFO or a regular file pre-created by another user (and set
> > to e.g. mode 666), in which case the input to the compiler would be
> > under that other user's control (even if we're running with a safe umask).
> Since set is a shell builtin, I was assuming it won't fail, but I can
> add "|| fail msg_here" to it.

FWIW, I was referring to possible script invocations with a non-POSIX
shell.  If these merely fail to configure musl, that's acceptable.
If they expose the invoking user to unexpected security risks, that's
another story.

> > > > Rather than use $TMPDIR or /tmp, I think it'd be safer to place the file
> > > > in the same directory with the configure script or in the current
> I agree. In that case, secure creation is mostly a non-issue.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.