From owner-doc-jp@jp.freebsd.org  Fri Jan 21 06:06:04 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id GAA61965;
	Fri, 21 Jan 2000 06:06:04 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id GAA61959
	for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 06:06:03 +0900 (JST)
	(envelope-from hrs@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id GAA10936 for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 06:06:02 +0900 (JST)
Received: from mail.hrs.jp (sutkmax1-ppp24.ed.kagu.sut.ac.jp [133.31.177.26]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with ESMTP id GAA18286 for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 06:06:00 +0900 (JST)
Message-Id: <200001202106.GAA18286@mail.geocities.co.jp>
Received: from localhost (alph.hrs.jp [192.168.0.10])
	by mail.hrs.jp (8.9.3/3.7W/DomainMaster) with ESMTP id GAA26647
	for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 06:01:05 +0900 (JST)
	(envelope-from hrs@hrs.jp)
To: doc-jp@jp.freebsd.org
In-Reply-To: <200001201357.WAA15225@bilbo.micon.co.jp>
References: <200001191905.MAA27712@harmony.village.org>
	<200001201357.WAA15225@bilbo.micon.co.jp>
X-Mailer: Mew version 1.94 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Fri, 21 Jan 2000 05:58:47 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 97
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: doc-jp 6981
Subject: [doc-jp 6981] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:01.make
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 $B$Q$C$H8+$F5$$K$J$C$?$H$3$m$r=q$$$F$_$^$7$?!#(B
 $B$A$g$C$HLu$r6cL#$7$F$$$k$[$IM>M5$,$J$$$N$G!"(B
 $BBe0F$O$$$^$$$A$G$9!#(B

Atushi Sakauchi <sakauchi@yamame.to> wrote
 in <200001201357.WAA15225@bilbo.micon.co.jp>:

> $B%H%T%C%/(B:       Insecure temporary file handling in make(1)

 # $B%H%T%C%/$OA02s$bLu$7$F$$$J$$$s$G$7$?$C$1(B?

> $B1F6ABP>](B:       $B=$@5$5$l$k0JA0$N$9$Y$F$N%P!<%8%g%s(B

 |$B1F6ABP>](B:       $B=$@5F|$h$jA0$K%j%j!<%9$5$l$?$9$Y$F$N%P!<%8%g%s(B

> The make(1) program is typically used to schedule building of source
> code. It has a switch ('-j') to allow parallel building by spawning
> multiple child processes.
> 
> make(1) $B%W%m%0%i%`$O!$%=!<%9%3!<%I$N%S%k%I$N%9%1%8%e!<%j%s%0$K(B
> $BE57?E*$K;HMQ$5$l$k%W%m%0%i%`$G$9!%%9%$%C%A(B(-j) $B$K$h$j!$J#?t$N(B

 # $BE57?E*$O$+$?$$$h$&$J5$$,$7$^$9!#(B

 |make(1) $B%W%m%0%i%`$O(B, $B%=!<%9%3!<%I$N%S%k%I(B($B%3%s%Q%$%k(B)$B$r(B
 |$B%9%1%8%e!<%j%s%0$9$k$?$a$K(B, $B$7$P$7$P;HMQ$5$l$k%W%m%0%i%`$G$9(B.

> The -j option to make(1) uses temporary files in /tmp to communicate
> with its child processes by storing the shell command the child should
> execute. This is useful on multi-processor architectures for making
> use of all of the available CPUs, and is also widely used on
> uniprocessor systems to minimize the scheduling latency of the build
> process.
> 
> make(1) $B$N(B -j $B%*%W%7%g%s$O(B /tmp $BFb$N0l;~%U%!%$%k$K!$;R%W%m%;%9$,<B9T$9$Y(B 
> $B$-%7%'%k%3%^%s%I$r3JG<$9$k$3$H$G!$;R%W%m%;%9$HDL?.$7$^$9!%$3$l$O%^%k%A!&(B
> $B%W%m%;%C%5!&%"!<%-%F%/%A%c$G$O!$;HMQ$G$-$kA4$F%W%m%;%C%5$r;HMQ$9$k$?$a$K(B 
> $BM-8z$G$"$j!$%7%s%0%k%W%m%;%C%5!&%7%9%F%`$K$*$$$F$b!$%S%k%I:n6H$N!$BT$A;~(B
> $B4V$r:G>.$K$9$k$?$a$K!$9-$/;H$o$l$F$$$^$9!%(B

 $B<g@a$K$"$kF0;l(B == $B<gD%$7$?$$$3$H$@$H;W$&$N$G!"(B
 $BF|K\8l$G$b=R8lItJ,$K(B uses $B$r;}$C$F$/$k$Y$-$@$H;W$$$^$9!#(B

 |make(1) $B$N(B -j $B%*%W%7%g%s$O(B, /tmp $B%G%#%l%/%H%jFb$N(B
 |$B0l;~%U%!%$%k$r;HMQ$7$^$9!#%U%!%$%k$K$O(B make(1) $B$N;R%W%m%;%9$,<B9T$9$Y$-(B
 |$B%7%'%k%3%^%s%I$,3JG<$5$l(B, $B$3$l$K$h$j;R%W%m%;%9$H$NDL?.$,(B
 |$B9T$J$o$l$^$9(B. 
 
> However make(1) uses the temporary file in an insecure way, repeatedly
> deleting and reusing the same file name for the entire life of the
> program. This makes it vulnerable to a race condition wherein a
> malicious user could observe the name of the temporary file being
> used, and replace the contents of a later instance of the file with
> her desired commands after the legitimate commands have been written.
> 
> $B$7$+$7(B make(1) $B$O!$?F%W%m%;%9$N@8B84|4VCf!$F1$8%U%!%$%kL>$r7+JV$7>C5n$7(B
> $B:F;HMQ$9$k$H$$$&0BA4$G$J$$J}K!$r$H$C$F$$$^$9!%0-0U$r;}$D%f!<%6$,!$;H$o$l(B
> $B$k0l;~%U%!%$%k$NL>A0$r4Q;!$G$-$^$9$+$i!$@55,$N%3%^%s%I$,=q$-9~$^$l$?8e$K!$(B
> $B%U%!%$%k$NFbMF$rG$0U$N%3%^%s%I$K=q$-49$($k$3$H$,2DG=$G$"$k$H$$$&6%9g>uBV(B
> $B$,@8$8$k$H$$$&LdBj$,$"$j$^$9!%(B 

 ($B%3%s%F%-%9%H$+$i$o$+$k$s$G$9$,(B)$B!V0l;~%U%!%$%k!W$,H4$1$F$$$k$N$G(B
 $B$=$l$NDI2C$G$9!#(Bdeleting $B$O>iD9$J$N$G$H$C$F$7$^$$$^$7$?!#(B

 |$B$7$+$7(B make(1) $B$O!$?F%W%m%;%9$N@8B84|4VCf!$F1$8%U%!%$%kL>$N%U%!%$%k$r(B
 |$B0l;~%U%!%$%k$H$7$F7+JV$7:F;HMQ$9$k(B, $B$H$$$&0BA4$G$J$$J}K!$r$H$C$F$$$^$9(B.
 
> All versions of NetBSD and OpenBSD are also believed to be vulnerable
> to this problem. Other systems using a BSD-derived make(1) binary may
> also be vulnerable.
> 
> NetBSD $B$H(B OpenBSD $B$NA4$F$N%P!<%8%g%s$K$bF1MM$NLdBj$,$"$k$H3N?.$5$l$F$$$^(B
> $B$9!%(BBSD $B5/8;$N(B make(1) $B%P%$%J%j$r:NMQ$7$F$$$k!$B>$NA4$F$N%7%9%F%`$K$b!$(B
> $B$3$NLdBj$,$"$k2DG=@-$,$"$j$^$9!%(B

 # other systems $B$J$i!V$9$Y$F!W$O8@$$2a$.$G$O!#(B

 |$B$3$NLdBj$O(B, NetBSD $B$H(B OpenBSD $B$NA4$F$N%P!<%8%g%s$K$bB8:_$9$k$H;W$o$l$^$9(B.
 |$B$^$?(B, BSD $B5/8;$N(B make(1) $B%P%$%J%j$r:NMQ$7$F$$$kB>$N%7%9%F%`$b(B,
 |$B$3$NLdBj$rJz$($F$$$k2DG=@-$,$"$j$^$9(B.

> $BCm0U(B: $BK\J8=qCf$K%Q%C%A$,4^$^$l$F$$$k>l9g(B, $BEE;R=pL>$d%a%$%i$N=hM}$GJQ99(B
>       $B$5$l$k$?$a(B, $B$=$N$^$^$G$O$-$A$s$HE,MQ$G$-$J$$$+$b$7$l$^$;$s(B. $BI,MW(B
>       $B$G$"$l$P(B, $BK\J8=q$NKAF,$K5-:\$7$F$"$k(B URL $B$r;2>H$7$F%*%j%8%J%k$N(B
>       $B%3%T!<$rF~<j$7$F$/$@$5$$(B.

 |$BCm0U(B: $BK\J8=qCf4^$^$l$k%Q%C%A$O(B, $BEE;R=pL>$d%a%$%i$N=hM}$K$h$C$F(B
 |      $B2C$($i$l$kJQ99$,860x$G(B, $B$=$N$^$^$G$OE,MQ$G$-$J$$>l9g$,(B
 |      $B$"$j$^$9(B.

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@geocities.co.jp>
|
|                                  j7397067@ed.noda.sut.ac.jp(univ)
|                        hrs@jp.FreeBSD.org(FreeBSD doc-jp Project)
