Vulnerability in make (1)
This security advisory and associated patch document and fix a security hole in Berkeley Make, relating to the "-j" option and temporary file name handling. The advisory was issued by the FreeBSD security team, but it is believed that NetBSD and OpenBSD are affected as well. Obviously, if you have downloaded Berkeley Make to a non-BSD system then you should investigate as well.
Huh? /tmp is always mode 1777. 1000 is the sticky bit (+t in chmod's symbolic modes). In a +t directory, users can't rename/unlink/rmdir files or directories they don't own. This is supported in every modern Unix, and is no doubt mentioned in every standard whose scope covers Unix file permissions.
Todd Miller posted to misc@openbsd.org yesterday saying that this bug was fixed "quite some time" ago in OpenBSD. A copy of his message can be seen here.
This doesn't surprise me one bit. Many programs use /tmp files rather badly. Most open them with world readability thus possibly disclosing contents. I'll admit even I have written scripts and programs that do poor file handling in the /tmp directory.
The other problem is that it is possible on many UNIX systems to delete files that you don't own in the /tmp directory. There are some UNIXes that don't allow this, but it creates an exception to the normal UNIX file handling rules.
Combining the poor file handling and being able to delete others' files in /tmp one can do all sorts of exploits to gain root or access to others' accounts.
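The two points raised in the comments above (whether a directory such as /tmp carries the sticky bit, and temporary files being created world-readable) can be checked in code. This is an added C example, not taken from the advisory, the patch or any commenter; the function names and the `demo.XXXXXX` template are made up for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkstemp(), S_ISVTX */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* 1 if dir has the sticky bit (the 1000 in mode 1777), 0 if not, -1 on error. */
int dir_is_sticky(const char *dir) {
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    return (st.st_mode & S_ISVTX) ? 1 : 0;
}

int file_mode(const char *path) {   /* permission bits of path, or -1 */
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Weak: fixed name, reuses whatever already exists under it, and mode 0666
 * minus a typical umask leaves the file readable by every local user. */
int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: mkstemp() chooses the name and creates it exclusively with mode
 * 0600; fstat() on the descriptor then confirms owner and permissions. */
int open_tmp_safe(const char *dir, char *out, size_t outlen) {
    struct stat st;
    int n = snprintf(out, outlen, "%s/demo.XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen) return -1;
    int fd = mkstemp(out);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != geteuid() || (st.st_mode & 077)) {
        close(fd); unlink(out);
        return -1;
    }
    return fd;
}

int main(void) {
    char path[256];
    int fd = open_tmp_safe("/tmp", path, sizeof path);
    if (fd < 0) return 1;
    printf("sticky=%d %s mode=%04o\n", dir_is_sticky("/tmp"), path, (unsigned)file_mode(path));
    close(fd);
    return unlink(path) != 0;
}
```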