Fix for PR/413:

* lib/am/distdir.am (distcheck): Create $dc_destdir with `umask
077 && mkdir' instead of `$(mkdir_p)'.  This prevents possible
symlink attacks reported by Stefan Nordhausen.

diff --git a/ChangeLog b/ChangeLog
index 979cfef8b661a78a7d94f95666b6ac66af8660f6..a9071376f65fc35851aa737e6f9f7163413eeab4 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2004-02-29  Alexandre Duret-Lutz  <adl@gnu.org>
+
+       Fix for PR/413:
+       * lib/am/distdir.am (distcheck): Create $dc_destdir with `umask
+       077 && mkdir' instead of `$(mkdir_p)'.  This prevents possible
+       symlink attacks reported by Stefan Nordhausen.
+
 2004-02-16  Alexandre Duret-Lutz  <adl@gnu.org>
 
        * doc/automake.texi (Multiple Outputs): More text, based on

diff --git a/Makefile.in b/Makefile.in
index d06370819c44e2c7ca3eb7562f0c0d82d3e3cd93..de8722e3a72081334402afc74fcf2a28b7bf3c61 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -450,7 +450,7 @@ distcheck: dist
                distuninstallcheck \
          && chmod -R a-w "$$dc_install_base" \
          && ({ \
-              (cd ../.. && $(mkdir_p) "$$dc_destdir") \
+              (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \

diff --git a/THANKS b/THANKS
index 1a2b8965700a7f0f7cca9dbbfc5d76ece8c9c9fe..cbdf7dd6125f300e589c472dd960f01771cdc7c9 100644 (file)
--- a/THANKS
+++ b/THANKS
@@ -225,6 +225,7 @@ Shuhei Amakawa              sa264@cam.ac.uk
 Shigio Yamaguchi       shigio@tamacom.com
 Simon Josefsson                jas@extundo.com
 Simon Richter          sjr@debian.org
+Stefan Nordhausen      nordhaus@informatik.hu-berlin.de
 Stepan Kasal           kasal@math.cas.cz
 Steve M. Robbins       steve@nyongwa.montreal.qc.ca
 Sven Verdoolaege       skimo@kotnet.org

diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index 71ee7769292f3489a6f4553aa3106ec53136cb9f..49311d35bc34d3d70f0d4f2498a98097e27ade46 100644 (file)
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -357,8 +357,9 @@ distcheck: dist
 ## $(distdir) is).
          && ({ \
 ## Build the directory, so we can cd into it even if `make install'
-## didn't create it.
-              (cd ../.. && $(mkdir_p) "$$dc_destdir") \
+## didn't create it.  Use mkdir, not $(mkdir_p) because we want to
+## fail if the directory already exists (PR/413).
+              (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
               && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \