Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind

From:	Jim Meyering
Subject:	Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind
Date:	Tue, 08 Dec 2009 17:44:26 +0100

Jim Meyering wrote:
> FYI, I should be pushing these soon, and then making a snapshot
> within a couple hours:
>
> [PATCH 1/2] build: distcheck: do not leave a $TMPDIR/coreutils directory 
> behind

aka, http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5

Now that there's a public BZ mentioning the security impact,
http://bugzilla.redhat.com/545439, I will note that the above
change also fixes a security-related flaw.  Any user running
"make distcheck" with TMPDIR unset or set to a world-writable
directory like /tmp, is vulnerable to arbitrary code execution.

So either don't run "make distcheck", with coreutils-8.1 or earlier,
or be sure that TMPDIR is not a world-writable directory.

I'll add something like the above to NEWS.

[Prev in Thread]

Current Thread

[Next in Thread]

build: distcheck: do not leave a $TMPDIR/coreutils directory behind, Jim Meyering, 2009/12/07
- Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind, Jim Meyering <=

Prev by Date: Re: mv -v, cp -v messages should be different
Next by Date: Re: git coreutils 'make check' hangs
Previous by thread: build: distcheck: do not leave a $TMPDIR/coreutils directory behind
Next by thread: new snapshot available: coreutils-8.1.24-7a2b0
Index(es):
- Date
- Thread