This is the mail archive of the binutils@sourceware.cygnus.com mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: Binutils /tmp security

To: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
Subject: Re: Binutils /tmp security
From: "Christopher C. Chimelis" <chris at debian dot org>
Date: Tue, 21 Mar 2000 20:28:13 -0500 (EST)
cc: binutils at sourceware dot cygnus dot com, hjl at valinux dot com


On Tue, 21 Mar 2000, Joseph S. Myers wrote:

> There has been discussion of a binutils security bug in the Debian bug
> tracking system, but it doesn't seem to have been discussed in the
> archives of this list or fixed in CVS.  See:
> 
> http://bugs.debian.org/57831
> 
> Summary: BFD unlinks output temporary files that GCC has carefully created
> in a secure manner, opening with O_EXCL, and then reopens them insecurely
> without O_EXCL; an attacker winning a race condition could have inserted a
> malicious symlink.  If the unlink is needed, then the file must be
> reopened with O_EXCL, with care taken to preserve its permissions from
> before the unlink.  If the unlink is avoided, the binutils programs
> (objdump, at least) that create temporary files using the deprecated
> choose_temp_base interface from libiberty should instead use the safe
> make_temp_file interface (probably a good idea anyway).

The patch that's in that bug report it still substandard.  I'm working on
a better one, but I'm sure that everyone here can easily beat me to it :-)

C

References:
- Binutils /tmp security
  - From: Joseph S. Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]