Commit b2343efd authored by Natanael Copa's avatar Natanael Copa

main/automake: security fix (CVE-2012-3386)

fixes #1764
parent 6c450cd9
# Maintainer: Natanael Copa <>
pkgdesc="A GNU tool for automatically creating Makefiles"
prepare() {
cd "$srcdir"/$pkgname-$pkgver
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
build() {
cd "$srcdir"/$pkgname-$pkgver
./configure --prefix=/usr
......@@ -22,4 +32,5 @@ package() {
make DESTDIR=$pkgdir install
md5sums="4ee7f0ff5f0e467d58b6bd5da96b1c74 automake-1.11.1.tar.gz"
md5sums="4ee7f0ff5f0e467d58b6bd5da96b1c74 automake-1.11.1.tar.gz
4f3b076713662c040dbe22aa7e074eef CVE-2012-3386.patch"
>From bab7065f75bb9680df8c782da06a8312e5fa95a6 Mon Sep 17 00:00:00 2001
Message-Id: <address@hidden>
From: Stefano Lattarini <address@hidden>
Date: Fri, 6 Jul 2012 22:43:04 +0200
Subject: [PATCH] distcheck: never make part of $(distdir) world-writable
This fixes a locally-exploitable security vulnerability (CVE-2012-3386).
In the 'distcheck' rule, we used to make the just-extracted (from
the distribution tarball) $(distdir) directory and all its files and
subdirectories read-only; then, in order to create the '_inst' and
'_build' subdirectories in there (used by the rest of the recipe) we
made the top-level $(distdir) *world-writable* for an instant (the
time to create those two directories) before making it read-only
Making that directory world-writable (albeit only briefly) introduced a
locally exploitable race condition for those who run "make distcheck" with
a non-restrictive umask (e.g., 022) in a directory that is accessible by
others. A successful exploit would result in arbitrary code execution
with the privileges of the user running "make distcheck" -- game over.
Jim Meyering wrote a proof-of-concept script showing that such exploit is
easily implemented.
This issue is similar to the CVE-2009-4029 vulnerability:
* lib/am/ (distcheck): Don't make $(distdir) world-writable,
not even for an instant; make it user-writable instead, which is enough.
Helped-By: Jim Meyering <address@hidden>
Signed-off-by: Stefano Lattarini <address@hidden>
NEWS | 9 +++++++++
lib/am/ | 2 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index ee16961..4975e8e 100644
--- a/NEWS
+++ b/NEWS
@@ -92,6 +92,15 @@ New in 1.12.2:
Bugs fixed in 1.12.2:
+ - The recipe of the 'distcheck' no longer grants anymore temporary
+ world-wide write permissions on the extracted distdir. Even if such
+ rights were only granted for a vanishingly small time window, the
+ implied race condition proved to be enough to allow a local attacker
+ to run arbitrary code with the privileges of the user running "make
+ distcheck". This is CVE-2012-3386.
* Long-standing bugs:
- The "recheck" targets behaves better in the face of build failures
diff --git a/lib/am/ b/lib/am/
index e27b650..f636a1e 100644
--- a/lib/am/
+++ b/lib/am/
@@ -449,7 +449,7 @@ distcheck: dist
## Make the new source tree read-only. Distributions ought to work in
## this case. However, make the top-level directory writable so we
## can make our new subdirs.
- chmod -R a-w $(distdir); chmod a+w $(distdir)
+ chmod -R a-w $(distdir); chmod u+w $(distdir)
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
## Undo the write access.
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment