Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 May 2012 11:39:03 -0400
From: Rich Felker <>
Subject: Re: configure script for musl (?!)

On Wed, May 02, 2012 at 07:05:43PM +0400, Solar Designer wrote:
> I think the biggest problem here is in the failure mode.  In the draft
> script you posted, if "set -C" fails the script will proceed to
> potentially clobber a file via a (sym)link provided by another user, or
> it may use a FIFO or a regular file pre-created by another user (and set
> to e.g. mode 666), in which case the input to the compiler would be
> under that other user's control (even if we're running with a safe umask).

Since set is a shell builtin, I was assuming it won't fail, but I can
add "|| fail msg_here" to it.

> > I've actually been working on the issue and updated it to use $$,
> > $PPID, and a retry counter, so random failures will be extremely rare.
> > If anyone thinks it still matters, I'll add $(date|cksum) too.
> Oh, I think it's better to simply use the approach I suggested last:
> > > Rather than use $TMPDIR or /tmp, I think it'd be safer to place the file
> > > in the same directory with the configure script or in the current

I agree. In that case, secure creation is mostly a non-issue.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.