This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

Re: posix/wordexp-tst.sh

To: libc-alpha at sources dot redhat dot com
Subject: Re: posix/wordexp-tst.sh
From: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
Date: Tue, 10 Oct 2000 11:00:27 +0100 (BST)

I wrote:

> posix/wordexp-tst.sh leaves its output files behind in TMPDIR after
> running, if TMPDIR is set.  If TMPDIR were set to a shared directory for
> some reason (e.g. set to /var/tmp because of /tmp being full), the usual
> symlink attacks also apply.

Grepping for /tmp|TMPDIR shows several more /tmp symlink holes that are
open during a glibc make check.  Suggestion: always use the build
directory for temporary files during testing, irrespective of TMPDIR.

One runtime issue: the ld.so profiling output file might be opened through
a symlink in /var/tmp; it's probably best to use O_NOFOLLOW if available.

-- 
Joseph S. Myers
jsm28@cam.ac.uk

Follow-Ups:
- Re: posix/wordexp-tst.sh
  - From: Ulrich Drepper

References:
- posix/wordexp-tst.sh
  - From: Joseph S. Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]