On Wed, 2010-02-10 at 10:58 +0100, Jim Meyering wrote: > There was a nasty flaw in _every_ automake-generated Makefile.in > until recently[*]. When making releases, most of us who maintain > automake-using packages run "make dist" or "make distcheck". > Even if you don't, your users may. The flaw put all of us at risk. I disagree that it's as critical as you make out - sure it needs fixing. To exploit this, you have to build within a directory path that is going to be writeable (i.e. have a world readable home directory and build in there directly), and be using a shared system on which you don't trust your users. In the latter case, it's often game over anyway. umask is your friend. Jon. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
