K 10
svn:author
V 6
iulius
K 8
svn:date
V 27
2018-03-15T21:35:08.827182Z
K 7
svn:log
V 680
install-sh:  avoid (low risk) race in "/tmp"

Patch from upstream.

Ensure that nobody can cross privilege boundaries by pre-creating
symlink on '$tmpdir' destination directory.

Just testing 'mkdir -p' by creating "/tmp/ins$RANDOM-$$/d" is not safe
because "/tmp" directory is usually world-writeable and
"/tmp/ins$RANDOM-$$" content could be pretty easily guessed by
attacker (at least for shells where $RANDOM is not supported).  So, as
the first step, create the "/tmp/ins$RANDOM-$$" without -p.  This step
would fail early if somebody wanted catch us.

Systems that implement (and have enabled) fs.protected_symlinks kernel
feature are not affected even without this commit.

END
