From cfcfa9bd014a7717821c98262a11772c8e79c13e Mon Sep 17 00:00:00 2001 From: Ondrej Kos Date: Tue, 29 Jan 2013 14:15:48 +0100 Subject: TOOLS: Use file descriptor to avoid races when creating a home directory When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782 --- Makefile.am | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index e64cc091a..01a1abb2a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -755,6 +755,7 @@ FILES_TESTS_LIBS = \ $(CHECK_LIBS) \ $(POPT_LIBS) \ $(TALLOC_LIBS) \ + $(DHASH_LIBS) \ libsss_test_common.la if BUILD_SELINUX FILES_TESTS_LIBS += $(SELINUX_LIBS) @@ -767,7 +768,8 @@ files_tests_SOURCES = \ src/tests/files-tests.c \ src/util/check_and_open.c \ src/tools/selinux.c \ - src/tools/files.c + src/tools/files.c \ + src/util/util.c files_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) -- cgit