This is the mail archive of the
automake@gnu.org
mailing list for the automake project.
Re: SECURITY ALERT
- To: gary@oranda.demon.co.uk (Gary V. Vaughan)
- Subject: Re: SECURITY ALERT
- From: Alexandre Oliva <oliva@dcc.unicamp.br>
- Date: 12 May 1999 09:00:50 -0300
- Cc: Andreas Schwab <schwab@issan.cs.uni-dortmund.de>, bug-libtool@gnu.org
- Cc: automake@gnu.org
- References: <vyz90b3zzsp.fsf@issan.cs.uni-dortmund.de> <u6766abzu.fsf@oranda.demon.co.uk>
On May 6, 1999, gary@oranda.demon.co.uk (Gary V. Vaughan) wrote:
> Thanks, I have put this in the TODO list pending Alexandre's return.
> I would apply it myself but I don't understand what the purpose of the
> original hooks was!
The hooks must not be removed, since they install libltdl, and
libtoolize --ltdl depends on them.
What I don't get is why `make distdir' creates the distdir as a
world-writable directory. Tom, wouldn't it be better to chmod it to
755 instead of 777? This would avoid the security hole in the libtool
installation (that uses make distdir to install the libltdl source
tree) and would avoid security holes for unwarned developers (like me)
that keep `make distcheck' running for a long time on slow hosts :-(
Meanwhile, I suggest that we just modify libltdl/Makefile.in in
libtool 1.3 so as to chmod 755 $(distdir) and make it libtool
1.3something (any good suggestions, since 1.3a is already taken?)
Maybe 1.3.0, as in the current post-release 1.3 branch?
--
Alexandre Oliva http://www.dcc.unicamp.br/~oliva IC-Unicamp, Bra[sz]il
{oliva,Alexandre.Oliva}@dcc.unicamp.br aoliva@{acm.org,computer.org}
oliva@{gnu.org,kaffe.org,{egcs,sourceware}.cygnus.com,samba.org}
*** E-mail about software projects will be forwarded to mailing lists