2002-07-03 Ben Elliston <bje@redhat.com>

* config.guess (set_cc_for_build): Create a chmod 700 directory in /tmp (or $TMPDIR, if set) to store temporary files generated for use by the C compiler. This should resist the /tmp symbolic link race vulnerability reported by Lawrence Teo.
2025-05-29 02:26:36 +12:00 · 2002-07-03 16:29:31 +00:00 · 2002-07-03 16:29:31 +00:00 · dc77abbdfd
commit dc77abbdfd
parent ea1f282bc2
2 changed files with 39 additions and 23 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2002-07-03  Ben Elliston  <bje@redhat.com>
+
+	* config.guess (set_cc_for_build): Create a chmod 700 directory in
+	/tmp (or $TMPDIR, if set) to store temporary files generated for
+	use by the C compiler.  This should resist the /tmp symbolic link
+	race vulnerability reported by Lawrence Teo.
+
 2002-07-03  Ben Elliston  <bje@redhat.com>

 	* config.sub: Handle freebsd*. From Bruno Haible.
--- a/config.guess
+++ b/config.guess
@ -3,7 +3,7 @@
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 #   2000, 2001, 2002 Free Software Foundation, Inc.

-timestamp='2002-07-01'
+timestamp='2002-07-03'

 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@ -88,30 +88,39 @@ if test $# != 0; then
  exit 1
 fi

+trap 'exit 1' 1 2 15

-dummy=dummy-$$
-trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.

-# CC_FOR_BUILD -- compiler used by this script.
 # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
 # use `HOST_CC' if defined, but it is deprecated.

-set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in
- ,,)    echo "int dummy(){}" > $dummy.c ;
+# This shell variable is my proudest work .. or something. --bje
+
+set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
+(mkdir $tmpdir && chmod 700 $tmpdir) || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
+dummy=$tmpdir/dummy ;
+files="$dummy.c $dummy.o $dummy.rel $dummy" ;
+trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
 	for c in cc gcc c89 c99 ; do
-	  ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ;
-	  if test $? = 0 ; then
+	  if ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; then
 	     CC_FOR_BUILD="$c"; break ;
 	  fi ;
 	done ;
-	rm -f $dummy.c $dummy.o $dummy.rel ;
+	rm -f $files ;
 	if test x"$CC_FOR_BUILD" = x ; then
 	  CC_FOR_BUILD=no_compiler_found ;
 	fi
 	;;
 ,,*)   CC_FOR_BUILD=$CC ;;
 ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
-esac'
+esac ;
+unset files'

 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
 # (ghazi@noc.rutgers.edu 1994-08-24)
@ -273,7 +282,7 @@ EOF
 				;;
 		esac
 	fi
-	rm -f $dummy.s $dummy
+	rm -f $dummy.s $dummy && dir $tmpdir
 	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
 	exit 0 ;;
    Alpha\ *:Windows_NT*:*)
@ -422,8 +431,8 @@ EOF
 EOF
 	$CC_FOR_BUILD $dummy.c -o $dummy \
 	  && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
-	  && rm -f $dummy.c $dummy && exit 0
-	rm -f $dummy.c $dummy
+	  && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+	rm -f $dummy.c $dummy && rmdir $tmpdir
 	echo mips-mips-riscos${UNAME_RELEASE}
 	exit 0 ;;
    Motorola:PowerMAX_OS:*:*)
@ -504,8 +513,8 @@ EOF
 			exit(0);
 			}
 EOF
-		$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0
-		rm -f $dummy.c $dummy
+		$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+		rm -f $dummy.c $dummy && rmdir $tmpdir
 		echo rs6000-ibm-aix3.2.5
 	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
 		echo rs6000-ibm-aix3.2.4
@ -605,7 +614,7 @@ EOF
 EOF
 		    (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`./$dummy`
 		    if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
-		    rm -f $dummy.c $dummy
+		    rm -f $dummy.c $dummy && rmdir $tmpdir
 		fi ;;
 	esac
 	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
@ -641,8 +650,8 @@ EOF
 	  exit (0);
 	}
 EOF
-	$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0
-	rm -f $dummy.c $dummy
+	$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+	rm -f $dummy.c $dummy && rmdir $tmpdir
 	echo unknown-hitachi-hiuxwe2
 	exit 0 ;;
    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@ -736,7 +745,7 @@ EOF
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-	rm -f $dummy.c
+	rm -f $dummy.c && rmdir $tmpdir
 	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
 	exit 0 ;;
    i*:CYGWIN*:*)
@ -798,7 +807,7 @@ EOF
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
-	rm -f $dummy.c
+	rm -f $dummy.c && rmdir $tmpdir
 	test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0
 	;;
    ppc:Linux:*:*)
@ -894,7 +903,7 @@ EOF
 	#endif
 EOF
 	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
-	rm -f $dummy.c
+	rm -f $dummy.c && rmdir $tmpdir
 	test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
 	test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
 	;;
@ -1257,8 +1266,8 @@ main ()
 }
 EOF

-$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0
-rm -f $dummy.c $dummy
+$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
+rm -f $dummy.c $dummy && rmdir $tmpdir

 # Apollos put the system type in the environment.