Vulnerability in make(1) 11
This security advisory and associated patch documents and fixes a security hole in Berkeley Make, relating to the "-j" option and temporary file name handling. The advisory was issued by the FreeBSD security team, but it is believed that NetBSD and OpenBSD are affected as well. Obviously, if you have downloaded Berkeley Make to a non-BSD system then you should investigate as well.
Re:OpenBSD not Effected (Score:1)
Just out of curiosity, is there anyone someone can just update everything which could be classified as a "security fix" in FreeBSD or OpenBSD?
Re:How to solve your problems (Score:1)
bad link in story to security advisory (Score:1)
Re:Not for OpenBSD (Score:1)
No real harm done - the make -j option has maximum performance on an SMP machine (which OpenBSD unfortunately do not support), although many people do report performance boosts even on uniprocessors since it makes better concurrent use of resources, e.g. CPU time for one job while the next is being read from disk.
I should also state for the record that FreeBSD is in the process of being audited in much the same way as OpenBSD was - we've already turned up a number of bugs which they missed, so I hope the combined efforts of the problems fixed by the two teams (FreeBSD is merging over all of OpenBSD's fixes as well) should leave both OSes pretty darn secure!
Re:Does not surprise me. (Score:3)
Huh? /tmp is always mode 1777. 1000 is the sticky bit (+t in chmod's symbolic modes). In a +t directory, users can't rename/unlink/rmdir files or directories they don't own. This is supported in every modern Unix, and is no doubt mentioned in every standard who's scope covers Unix file permissions.
OpenBSD not Effected (Score:4)
Re:OpenBSD not Effected (Score:4)
And then he followe d up to his own message [sigmasoft.com], explaining that OpenBSD was vulnerable...
N
Does not surprise me. (Score:4)
This dosen't surprise me one bit. Many programs use /tmp files rather badly. Most open them with world readability thus possibly disclosing contents. I'll admit even I have written scripts and programs that do poor file handling in the /tmp directory.
The other problem it is possible on many UNIX systems to delete files that you don't own in the /tmp directory. There are some UNIXes that don't allow this, but it creates an exception to the normal UNIX file handling rules.
Combining the poor file handling and being able to delete others files in /tmp one can do all sorts of exploits to gain root or access to others accounts.