Received: (at submit) by bugs.debian.org; 6 Nov 1996 21:38:40 +0000
Received: (qmail 13807 invoked from smtpd); 6 Nov 1996 21:38:34 -0000
Received: from i17linuxb.ists.pwr.wroc.pl (marekm@156.17.35.8)
  by master.debian.org with SMTP; 6 Nov 1996 21:38:30 -0000
Received: (from marekm@localhost) by i17linuxb.ists.pwr.wroc.pl (8.7.6/8.7.3) id WAA21071 for submit@bugs.debian.org; Wed, 6 Nov 1996 22:25:29 +0100
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Message-Id: <199611062125.WAA21071@i17linuxb.ists.pwr.wroc.pl>
Subject: gcc and /tmp security
To: submit@bugs.debian.org
Date: Wed, 6 Nov 1996 22:25:28 +0100 (MET)
X-Mailer: ELM [version 2.4 PL25 PGP2]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Package: gcc
Version: 2.7.2.1-1

gcc creates its temporary files in $TMPDIR (default /tmp) and - guess
what? - doesn't use the O_EXCL open() flag!  (verified using strace)
Any user can overwrite files owned by any other user who is running
gcc (including root, so don't do that!) by creating symlinks in /tmp.

Quick workaround: set $TMPDIR to point to some non-world-writable
directory (under $HOME).  This really should be fixed upstream (the
problem is not Linux-specific) but maybe we can do it faster...

Marek