From: Alexandre Duret-Lutz <adl@gnu.org>
Date: Sun, 29 Feb 2004 16:26:12 +0000 (+0000)
Subject: Fix for PR/413:
X-Git-Tag: Release-1-8b~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9800a566efb292d0cba6301815e40c42ff1b552;p=thirdparty%2Fautomake.git

Fix for PR/413:
* lib/am/distdir.am (distcheck): Create $dc_destdir with `umask
077 && mkdir' instead of `$(mkdir_p)'.  This prevents possible
symlink attacks reported by Stefan Nordhausen.
---

diff --git a/ChangeLog b/ChangeLog
index 979cfef8b..a9071376f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2004-02-29  Alexandre Duret-Lutz  <adl@gnu.org>
+
+	Fix for PR/413:
+	* lib/am/distdir.am (distcheck): Create $dc_destdir with `umask
+	077 && mkdir' instead of `$(mkdir_p)'.  This prevents possible
+	symlink attacks reported by Stefan Nordhausen.
+
 2004-02-16  Alexandre Duret-Lutz  <adl@gnu.org>
 
 	* doc/automake.texi (Multiple Outputs): More text, based on
diff --git a/Makefile.in b/Makefile.in
index d06370819..de8722e3a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -450,7 +450,7 @@ distcheck: dist
 	        distuninstallcheck \
 	  && chmod -R a-w "$$dc_install_base" \
 	  && ({ \
-	       (cd ../.. && $(mkdir_p) "$$dc_destdir") \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
 	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
 	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
 	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
diff --git a/THANKS b/THANKS
index 1a2b89657..cbdf7dd61 100644
--- a/THANKS
+++ b/THANKS
@@ -225,6 +225,7 @@ Shuhei Amakawa		sa264@cam.ac.uk
 Shigio Yamaguchi	shigio@tamacom.com
 Simon Josefsson		jas@extundo.com
 Simon Richter		sjr@debian.org
+Stefan Nordhausen	nordhaus@informatik.hu-berlin.de
 Stepan Kasal		kasal@math.cas.cz
 Steve M. Robbins	steve@nyongwa.montreal.qc.ca
 Sven Verdoolaege	skimo@kotnet.org
diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index 71ee77692..49311d35b 100644
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -357,8 +357,9 @@ distcheck: dist
 ## $(distdir) is).
 	  && ({ \
 ## Build the directory, so we can cd into it even if `make install'
-## didn't create it.
-	       (cd ../.. && $(mkdir_p) "$$dc_destdir") \
+## didn't create it.  Use mkdir, not $(mkdir_p) because we want to
+## fail if the directory already exists (PR/413).
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
 	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
 	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
 	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \