From: Stefan Nordhausen <nordhaus@informatik.hu-berlin.de>
Date: Fri, 23 Jan 2004 06:02:10 +0000 (+0000)
Subject: Scott James Remnant  <scott@netsplit.com>
X-Git-Tag: release-1-5-2~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=84a6d550d8ee06bfc7e346d0d7e70ae74e4fd3dc;p=thirdparty%2Flibtool.git

Scott James Remnant  <scott@netsplit.com>

* ltmain.in: Don't use the mkdir -p option when creating a
temporary output directory so a symlink attack can't be used to
arbitrarily chmod other directories on the system if libtool
gets run as root.
---

diff --git a/ChangeLog b/ChangeLog
index d404feb02..b448a2155 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2004-01-23  Stefan Nordhausen  <nordhaus@informatik.hu-berlin.de>
+	Scott James Remnant  <scott@netsplit.com>
+
+	* ltmain.in: Don't use the mkdir -p option when creating a
+	temporary output directory so a symlink attack can't be used to
+	arbitrarily chmod other directories on the system if libtool
+	gets run as root.
+
 2004-01-23  Scott James Remnant  <scott@netsplit.com>
 
 	* ltmain.in: new -precious-files-regex link mode option
diff --git a/ltmain.in b/ltmain.in
index c28a4da15..dff325658 100644
--- a/ltmain.in
+++ b/ltmain.in
@@ -5616,7 +5616,7 @@ relink_command=\"$relink_command\""
 	      tmpdir="/tmp"
 	      test -n "$TMPDIR" && tmpdir="$TMPDIR"
 	      tmpdir="$tmpdir/libtool-$$"
-	      if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then :
+	      if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then :
 	      else
 		$echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2
 		continue