Summary: | potential symlink attack when compiling dbus | ||
---|---|---|---|
Product: | dbus | Reporter: | Simon McVittie <smcv> |
Component: | core | Assignee: | Simon McVittie <smcv> |
Status: | RESOLVED FIXED | QA Contact: | John (J5) Palmieri <johnp> |
Severity: | normal | ||
Priority: | medium | CC: | hp |
Version: | 1.4.x | Keywords: | patch |
Hardware: | Other | ||
OS: | All | ||
URL: | http://git.collabora.co.uk/?p=user/smcv/dbus-smcv.git;a=shortlog;h=refs/heads/tmp | ||
Attachments: |
configure.in: use AC_TRY_COMPILE to avoid a symlink attack in /tmp during compilation
Fix the check for -Wfloat-equal
cmake/cross-compile.sh: use mktemp(1) to avoid a symlink attack in /tmp |
Description
Simon McVittie
2011-01-05 11:17:14 UTC
Created attachment 41680
configure.in: use AC_TRY_COMPILE to avoid a symlink attack in /tmp during compilation

Created attachment 41681
Fix the check for -Wfloat-equal

Created attachment 41682
cmake/cross-compile.sh: use mktemp(1) to avoid a symlink attack in /tmp

These should probably go to 1.2 too. I haven't done the CVE-number dance since these only apply when compiling dbus, not when using it (and cmake/cross-compile.sh isn't used by default).

15:14 < wjt> smcv: tmp looks fine
15:15 < wjt> smcv: as does trivia

Fixed in git for 1.4.4 or 1.5.0.

... and in the 1.2 branch for 1.2.28 (only the AC_TRY_COMPILE patch there).
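The difference that the mktemp(1) change in the third attachment title relies on, as an added shell example that is not taken from the dbus patches. It assumes the weak pattern is a fixed file name in a shared directory; the function names, file names and probe source are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not code from the dbus tree. All names are constructed.

# Weak pattern (assumed): a fixed, guessable file name in a shared directory.
# The shell's ">" opens the path with O_CREAT|O_TRUNC and follows symlinks,
# so a name that already exists as a symlink redirects the write to its target.
probe_predictable() {
    dir=$1
    src="$dir/conftest-probe.c"
    printf 'int main(void) { return 0; }\n' > "$src"
    printf '%s\n' "$src"
}

# Hardened pattern: mktemp(1) -d atomically creates a new directory with an
# unpredictable name and mode 0700, and fails instead of reusing an existing
# entry. Files written inside it cannot have been planted by another user.
probe_private() {
    base=${1:-${TMPDIR:-/tmp}}
    work=$(mktemp -d "$base/probe.XXXXXX") || return 1
    printf 'int main(void) { return 0; }\n' > "$work/probe.c"
    printf '%s\n' "$work"      # caller removes it: rm -rf "$work"
}
```

A build script using the second form should remove the directory on exit, for example with a `trap` on `EXIT`.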