Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution

On Fri, Jul 25, 2008 at 4:57 PM, Steven M. Christey <coley@xxxxxxxxxxxxxxx> wrote:
>
> On Fri, 25 Jul 2008, Jan Minář wrote:
>
>> > The commands do not have to be written there between (1) and (2), they
>> > can be in the file long before the ./configure was started -- just
>> > because the script does care whether it can write to the file at all.
>> > So unlike stated in the advisory, and in CVE-2008-3294, the issue does
>> > not involve a race condition if the attacker would choose to create a
>> > 644 file.
>>
>> The file gets truncated in (1).  You're wrong, the advisory is right.
>
> Maybe the point here is that if the attacker owns the file and sets 644
> permissions, then the truncation won't happen since ./configure won't have
> the permissions to modify the file.

I stand corrected.  I have updated the advisory.  Thanks, Robert.

Thanks to Steven for rephrasing.

Jan.
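
The failure mode discussed in this thread (a build script reusing a pre-existing file it could not truncate) can be avoided by creating the file exclusively and checking the result. The sketch below is an added example, not part of the original message or of Vim's build scripts; the function names and the `conftest.sh` file name are hypothetical.

```shell
#!/bin/sh
# Added example (constructed); all function and file names are hypothetical.

# Create file $1 exclusively and write $2 to it.
# With noclobber (set -C) the '>' redirection refuses to open an existing
# regular file, so a pre-planted file is reported instead of being reused.
# The subshell keeps the noclobber setting local to this one write.
write_new_file() {
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Generate a helper script in directory $1 with body $2 and run it,
# but only if this process created the file itself.
generate_and_run() {
    script="$1/conftest.sh"   # hypothetical file name
    if ! write_new_file "$script" "$2"; then
        echo "refusing to run $script: could not create it exclusively" >&2
        return 1
    fi
    sh "$script"
}

# Preferred location for such files: a fresh directory created by mktemp,
# which is accessible to the build user only, instead of a fixed path in /tmp.
private_dir() {
    mktemp -d "${TMPDIR:-/tmp}/build.XXXXXX"
}
```

The check does not depend on who owns the pre-existing file or on its mode, so it also holds when the build runs as root.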
