Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution
From: Bram Moolenaar <Bram <at> moolenaar.net>
Subject: Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution
Newsgroups: gmane.editors.vim.devel
Date: 2008-07-21 20:05:05 GMT
Nikolai Weibull wrote:

> On Sun, Jul 20, 2008 at 16:01, Bram Moolenaar <Bram <at> moolenaar.net> wrote:
>
> > Jan Minar wrote:
> >
> > > The configure can just use a fixed file name in the current directory.
> > >
> > > Anyway, I have adapted some code from src/auto/configure that will
> > > work on systems without mktemp(1) -- patch attached.
> >
> > There probably is a small security hole in this as well. A targeted
> > symlink attack might work. mktemp() is supposed to use a special open()
> > call that avoids symlinks and creates the file in a way it can't be
> > interrupted. I think it's better to rely on mktemp for that reason.
> > It's not something you can do in a shell.
>
> The pipe solution still exists and is secure. According to the POSIX
> standard, "make -f -" should make make process standard input:
>
> http://www.opengroup.org/onlinepubs/009695399/utilities/make.html

There are make programs that were written before POSIX. I don't think
they should break the configure script.

--
Eight Megabytes And Continually Swapping.

 /// Bram Moolenaar -- Bram <at> Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
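The two approaches the thread weighs, written out as an added example (this is not Vim's configure script or Jan Minar's patch): feeding the Makefile fragment to `make -f -` so no file exists to attack, and otherwise letting mktemp(1) do the O_EXCL creation and checking the result before use. The scratch-file name `conftest.XXXXXX` and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not code from Vim's configure: two ways for a configure
# script to run a throwaway Makefile fragment without a predictable path.

# 1. Pipe approach. POSIX "make -f -" reads the makefile from standard
#    input, so no file is created and a pre-placed symlink has nothing to
#    hijack. Returns make's exit status, or 127 when make is not installed
#    (the caller can then try the file-based route).
run_make_fragment() {
    fragment=$1
    shift
    command -v make >/dev/null 2>&1 || return 127
    printf '%s\n' "$fragment" | make -f - "$@"
}

# 2. When a real file is unavoidable, let mktemp(1) create it: it opens the
#    name with O_CREAT|O_EXCL and mode 0600, so an existing symlink or file
#    at that name makes creation fail instead of being followed. Fails
#    closed (returns 1) if mktemp is missing rather than falling back to a
#    predictable name built in shell. "conftest.XXXXXX" is an assumed name.
make_scratch_file() {
    dir=${1:-${TMPDIR:-/tmp}}
    command -v mktemp >/dev/null 2>&1 || return 1
    mktemp "$dir/conftest.XXXXXX"
}

# Check a configure script can run before writing to the scratch file:
# it must be a regular file, not a symlink, with no group/other bits set
# (columns 5-10 of "ls -l" are the group and other permission flags).
scratch_file_is_safe() {
    f=$1
    [ -f "$f" ] || return 1
    if [ -L "$f" ]; then
        return 1
    fi
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}
```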