This is the mail archive of the
binutils@sourceware.cygnus.com
mailing list for the binutils project.
Binutils /tmp security
- To: binutils at sourceware dot cygnus dot com
- Subject: Binutils /tmp security
- From: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
- Date: Tue, 21 Mar 2000 23:43:27 +0000 (GMT)
- cc: hjl at valinux dot com
There has been discussion of a binutils security bug in the Debian bug
tracking system, but it doesn't seem to have been discussed in the
archives of this list or fixed in CVS. See:
http://bugs.debian.org/57831
Summary: BFD unlinks output temporary files that GCC has carefully created
in a secure manner, opening with O_EXCL, and then reopens them insecurely
without O_EXCL; an attacker winning a race condition could have inserted a
malicious symlink. If the unlink is needed, then the file must be
reopened with O_EXCL, with care taken to preserve its permissions from
before the unlink. If the unlink is avoided, the binutils programs
(objdump, at least) that create temporary files using the deprecated
choose_temp_base interface from libiberty should instead use the safe
make_temp_file interface (probably a good idea anyway).
--
Joseph S. Myers
jsm28@cam.ac.uk