From: Rich Felker
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: configure script for musl (?!)
Date: Wed, 2 May 2012 11:39:03 -0400
Message-ID: <20120502153903.GQ14673@brightrain.aerifal.cx>
To: musl@lists.openwall.com

On Wed, May 02, 2012 at 07:05:43PM +0400, Solar Designer wrote:
> I think the biggest problem here is in the failure mode. In the draft
> script you posted, if "set -C" fails the script will proceed to
> potentially clobber a file via a (sym)link provided by another user, or
> it may use a FIFO or a regular file pre-created by another user (and set
> to e.g. mode 666), in which case the input to the compiler would be
> under that other user's control (even if we're running with a safe umask).

Since set is a shell builtin, I was assuming it won't fail, but I can
add "|| fail msg_here" to it.

> > I've actually been working on the issue and updated it to use $$,
> > $PPID, and a retry counter, so random failures will be extremely rare.
> > If anyone thinks it still matters, I'll add $(date|cksum) too.
>
> Oh, I think it's better to simply use the approach I suggested last:
>
> > > Rather than use $TMPDIR or /tmp, I think it'd be safer to place the file
> > > in the same directory with the configure script or in the current

I agree. In that case, secure creation is mostly a non-issue.

Rich
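
An added example, not code from musl's configure script or from either poster: a POSIX sh helper that enables noclobber, aborts if that fails, and retries over names built from $$, $PPID and a counter inside a caller-chosen directory. The function name `new_conftest` and the `conf$$-$PPID-N.c` file name pattern are assumptions made for illustration.

```shell
# Hypothetical helper (constructed for this example): claim a fresh file in
# directory $1 and print its path; the exit status is non-zero on any failure.
# The body runs in a subshell, so 'set -C' and 'exit' stay local to the call.
new_conftest() (
    dir=$1
    # Fail closed: without noclobber a plain '>' would follow a planted
    # symlink or truncate a file pre-created by another user.
    set -C || exit 1
    i=0
    while [ "$i" -lt 50 ]; do
        i=$((i + 1))
        tmp="$dir/conf$$-$PPID-$i.c"
        # Skip any name that already exists in any form (regular file,
        # FIFO, or symlink, including a dangling one).
        if [ -e "$tmp" ] || [ -L "$tmp" ]; then
            continue
        fi
        # Under noclobber, '>' refuses to overwrite an existing regular
        # file, so a file that appears after the check above is not reused.
        # The inner subshell keeps a failed redirection from ending the loop.
        if ( : > "$tmp" ) 2>/dev/null; then
            printf '%s\n' "$tmp"
            exit 0
        fi
    done
    echo "cannot create temporary file in $dir" >&2
    exit 1
)
```

Passing the build directory rather than a shared location such as /tmp, as the thread settles on, means no other user can plant names there in the first place.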