LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Is this as interesting as it soulds (https://www.linuxquestions.org/questions/slackware-14/is-this-as-interesting-as-it-soulds-4175455588/)

mreff555 03-25-2013 08:56 PM

Is this as interesting as it soulds
 
I found this line in the gcc build script. I'm curious about the reason behind it. Can anyone give me an explanation?

Code:

# Temporary build location.  This should *NOT* be a directory
# path a non-root user could create later...
TMP=${TMP:-"/gcc-$(mcookie)"}


volkerdi 03-25-2013 09:19 PM

Quote:

Originally Posted by mreff555 (Post 4918849)
I found this line in the gcc build script. I'm curious about the reason behind it. Can anyone give me an explanation?

Code:

# Temporary build location.  This should *NOT* be a directory
# path a non-root user could create later...
TMP=${TMP:-"/gcc-$(mcookie)"}


That was added a long time ago after I read a report about /tmp paths being embedded in libraries, and an audit of the system showed that glibc, gcc, and bind libraries all had strings in them from the build location. My concern was that someone might be able to create a replacement library in the original build location and use it to do evil things, and I seem to recall a report similar to that (maybe for something else), also long ago. I don't know if the danger was real, but the change was made anyway.

Now I'm finding no reference to this through Google, and don't remember where I heard about it. Maybe the old vendor-sec list? It would be interesting to know if something like that was ever possible, certainly.

mreff555 03-25-2013 09:41 PM

Yes it would. I was suspecting something to that order but had never heard of anything like that. Thanks for clearing that up.


All times are GMT -5. The time now is 02:35 AM.