Binutils /tmp security

Christopher C. Chimelis chris@debian.org
Tue Mar 21 17:28:00 GMT 2000


On Tue, 21 Mar 2000, Joseph S. Myers wrote:

> There has been discussion of a binutils security bug in the Debian bug
> tracking system, but it doesn't seem to have been discussed in the
> archives of this list or fixed in CVS.  See:
> 
> http://bugs.debian.org/57831
> 
> Summary: BFD unlinks output temporary files that GCC has carefully created
> in a secure manner, opening with O_EXCL, and then reopens them insecurely
> without O_EXCL; an attacker winning a race condition could have inserted a
> malicious symlink.  If the unlink is needed, then the file must be
> reopened with O_EXCL, with care taken to preserve its permissions from
> before the unlink.  If the unlink is avoided, the binutils programs
> (objdump, at least) that create temporary files using the deprecated
> choose_temp_base interface from libiberty should instead use the safe
> make_temp_file interface (probably a good idea anyway).

The patch that's in that bug report is still substandard.  I'm working on
a better one, but I'm sure that everyone here can easily beat me to it :-)

C
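The reopen that the quoted summary calls for (unlink, then recreate with O_EXCL while keeping the old permissions), as an added example that is not part of the original message and is not binutils or BFD code. The function names `create_excl` and `reopen_output_excl` are hypothetical, and refusing non-regular files is an extra precaution of this example.

```c
/* Added example (not binutils code): unlink + exclusive re-create. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create path only if nothing exists there. O_CREAT|O_EXCL fails with
   EEXIST even for a dangling symlink, so a planted link is never followed. */
int create_excl(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) {   /* restore the exact mode, umask aside */
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Remember the permissions, unlink, then recreate exclusively.
   Returns a file descriptor, or -1 with errno set. */
int reopen_output_excl(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode)) {    /* this example refuses links, dirs, ... */
        errno = EINVAL;
        return -1;
    }
    if (unlink(path) != 0)
        return -1;
    return create_excl(path, st.st_mode & 0777);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    int fd = reopen_output_excl(argv[1]);
    if (fd < 0) { perror("reopen_output_excl"); return 1; }
    return close(fd);
}
```

If something appears at the path between the unlink and the open, the open fails with EEXIST and the caller has to treat that as an error instead of retrying without O_EXCL.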


