Bug#36027: More information on bash compile-time hole

To: 36027@bugs.debian.org
Cc: Matthias Klose <doko@tango.isdn.cs.tu-berlin.de>
Subject: Bug#36027: More information on bash compile-time hole
From: Topi Miettinen <Topi.Miettinen@nic.fi>
Date: Mon, 06 Dec 1999 04:50:50 +0200
Message-id: <[🔎] 199912071925.VAA03581@pluto.nic.fi>
Reply-to: Topi Miettinen <Topi.Miettinen@nic.fi>, 36027@bugs.debian.org

I was too terse with the bug report, sorry. Here are the details:

During ./configure, tests for OPENDIR_NOT_ROBUST and NAMED_PIPES_MISSING may 
overwrite files if there is already a symbolic link with the same name in /tmp.

./configure --with-installed-readline executes support/rlvers.sh, which 
creates an executable in /tmp and then runs it. Between these events, the 
executable may be replaced with a Trojan horse.

None of these are generic bugs, they only affect bash. I'll reassign the bug 
report.

-Topi

Reply to:

Prev by Date: Re: Debian on a 386? Unlikely. (was: ramblings about old hardware, gzip, bz2, and pentium opts)
Next by Date: Re: Travel Assistance (was: Re: Debian at the bazaar?)
Previous by thread: Re: looking for maintainer of sed multibyte patch
Next by thread: Re: Travel Assistance (was: Re: Debian at the bazaar?)
Index(es):
- Date
- Thread