From owner-doc-jp@jp.freebsd.org  Fri Jan 21 16:50:24 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id QAA95715;
	Fri, 21 Jan 2000 16:50:24 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from TYO203.gate.nec.co.jp (TYO203.gate.nec.co.jp [202.32.8.211])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id QAA95710
	for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 16:50:24 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: from mailsv2.nec.co.jp (mailsv2-le1 [192.168.1.91])
	by TYO203.gate.nec.co.jp (8.9.3/3.7W99122211) with ESMTP id QAA29381
	for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 16:50:23 +0900 (JST)
Received: from mailsv.nec.co.jp (mailsv.nec.co.jp [10.7.68.90]) by mailsv2.nec.co.jp (8.9.3/3.7W-MAILSV2-NEC) with ESMTP
	id QAA11695 for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 16:50:20 +0900 (JST)
Received: from mmssv.mms.mt.nec.co.jp (mmssv.mms.mt.nec.co.jp [133.201.63.216]) by mailsv.nec.co.jp (8.9.3/3.7W-MAILSV-NEC) with ESMTP
	id QAA09751 for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 16:49:05 +0900 (JST)
Received: from koga.do.mms.mt.nec.co.jp (koga.do.mms.mt.nec.co.jp [10.16.5.16]) by mmssv.mms.mt.nec.co.jp (8.8.4+2.7Wbeta4/3.4W3MMS96052011) with ESMTP id QAA04355 for <doc-jp@jp.freebsd.org>; Fri, 21 Jan 2000 16:46:54 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
	by koga.do.mms.mt.nec.co.jp (8.9.3/3.7W-00011917) with ESMTP id QAA05070;
	Fri, 21 Jan 2000 16:49:03 +0900 (JST)
Message-Id: <200001210749.QAA05070@koga.do.mms.mt.nec.co.jp>
To: doc-jp@jp.freebsd.org
In-Reply-To: <200001201357.WAA15225@bilbo.micon.co.jp>
References: <200001191905.MAA27712@harmony.village.org>
	<200001201357.WAA15225@bilbo.micon.co.jp>
	<200001202106.GAA18286@mail.geocities.co.jp>
X-Mailer: Mew version 1.94.2pre8 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Fri, 21 Jan 2000 16:49:02 +0900 (JST)
From: Koga Youichirou <y-koga@jp.freebsd.org>
X-Dispatcher: imput version 20000113(IM136)
Lines: 118
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: doc-jp 6982
Subject: [doc-jp 6982] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:01.make
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: y-koga@jp.freebsd.org

Atushi Sakauchi <sakauchi@yamame.to>:
> FreeBSD-SA-00:01.make $B$r(B announce-jp $B8~$1$KLu$7$F$_$^$7$?!%(B

$B$Q$A$Q$A$Q$A!y(B

> $B$h$m$7$/$*4j$$$7$^$9!%(B

$B8=<BF(Hr$,$F$i(B :-)

> =============================================================================
> FreeBSD-SA-00:01                                            Security Advisory
$B!D(B $B$5$/$C$HN,(B $B!D(B
> I.   $BGX7J(B
> 
> The make(1) program is typically used to schedule building of source
> code. It has a switch ('-j') to allow parallel building by spawning
> multiple child processes.
> make(1) $B%W%m%0%i%`$O!$%=!<%9%3!<%I$N%S%k%I$N%9%1%8%e!<%j%s%0$K(B
> $BE57?E*$K;HMQ$5$l$k%W%m%0%i%`$G$9!%%9%$%C%A(B(-j) $B$K$h$j!$J#?t$N(B
> $B;R%W%m%;%9$r5/F0$9$k$3$H$G!$JB9T%S%k%I$r9T$J$&$3$H$,$G$-$^$9!%(B

$B:4F#$5$s$b;XE&$5$l$F$$$^$9$,!"(Btypically $B$NLu$O!VE57?E*!W"*!VDL>o!W$H$+(B
$B!VIaDL$K!W$H$9$k$H<+A3$K$J$j$^$9!#(B

> II.  $B2r@b(B
> 
> The -j option to make(1) uses temporary files in /tmp to communicate
> with its child processes by storing the shell command the child should
> execute.
> make(1) $B$N(B -j $B%*%W%7%g%s$O(B /tmp $BFb$N0l;~%U%!%$%k$K!$;R%W%m%;%9$,<B9T$9$Y(B 
> $B$-%7%'%k%3%^%s%I$r3JG<$9$k$3$H$G!$;R%W%m%;%9$HDL?.$7$^$9!%(B
Hiroki Sato <hrs@geocities.co.jp>:
>  |make(1) $B$N(B -j $B%*%W%7%g%s$O(B, /tmp $B%G%#%l%/%H%jFb$N(B
>  |$B0l;~%U%!%$%k$r;HMQ$7$^$9!#%U%!%$%k$K$O(B make(1) $B$N;R%W%m%;%9$,<B9T$9$Y$-(B
>  |$B%7%'%k%3%^%s%I$,3JG<$5$l(B, $B$3$l$K$h$j;R%W%m%;%9$H$NDL?.$,(B
>  |$B9T$J$o$l$^$9(B. 

$B!V%G%#%l%/%H%jFb!W$h$j$O!V%G%#%l%/%H%jCf!W$+$J$!!#$"$s$^$j!VFb!W$O;H$o(B
$B$J$$$h$&$J5$$,$7$^$9!#(B

	make(1) $B$N(B -j $B%*%W%7%g%s$O!$;R%W%m%;%9$,<B9T$9$k%7%'%k%3%^%s%I(B
	$B$r(B /tmp $BCf$N0l;~%U%!%$%k$K3JG<$9$k$3$H$G!$;R%W%m%;%9$H$d$j$H$j(B
	$B$r$7$^$9!%(B

$B!tDL?.$H8@$&$H8lJ@$,$"$k$H;W$&!#(B

> This is useful on multi-processor architectures for making
> use of all of the available CPUs, and is also widely used on
> uniprocessor systems to minimize the scheduling latency of the build
> process.
> $B$3$l$O%^%k%A!&(B
> $B%W%m%;%C%5!&%"!<%-%F%/%A%c$G$O!$;HMQ$G$-$kA4$F%W%m%;%C%5$r;HMQ$9$k$?$a$K(B 
> $BM-8z$G$"$j!$%7%s%0%k%W%m%;%C%5!&%7%9%F%`$K$*$$$F$b!$%S%k%I:n6H$N!$BT$A;~(B
> $B4V$r:G>.$K$9$k$?$a$K!$9-$/;H$o$l$F$$$^$9!%(B

$B>/$7FI$_$E$i$$$N$G!"=q$-D>$7!#(B

	$B$3$NJ}K!$O!$%^%k%A%W%m%;%C%5!&%"!<%-%F%/%A%c$K$*$$$F!$;HMQ2DG=(B
	$B$J$9$Y$F$N(BCPU$B$r;HMQ$9$k$N$KET9g$,$h$/!$$^$?!$%7%s%0%k%W%m%;%C(B
	$B%5!&%7%9%F%`$K$*$$$F$b!$%S%k%I:n6H$N(B scheduling latency $B$r:G>.(B
	$B$K$9$k$?$a$K!$9-$/MQ$$$i$l$F$$$^$9(B.

scheduling latency $B$O$I$&Lu$9$H$$$$$+$J!)(B

> However make(1) uses the temporary file in an insecure way, repeatedly
> deleting and reusing the same file name for the entire life of the
> program.
Hiroki Sato <hrs@geocities.co.jp>:
>  |$B$7$+$7(B make(1) $B$O!$?F%W%m%;%9$N@8B84|4VCf!$F1$8%U%!%$%kL>$N%U%!%$%k$r(B
>  |$B0l;~%U%!%$%k$H$7$F7+JV$7:F;HMQ$9$k(B, $B$H$$$&0BA4$G$J$$J}K!$r$H$C$F$$$^$9(B.

$B$d$C$Q$j!V:o=|!W$K$D$$$F$OF~$l$?J}$,$$$$$H;W$&!#!VF1$8%U%!%$%kL>$N%U%!(B
$B%$%k!W$O!VF1L>%U%!%$%k!W$G$$$$$G$9$M!#(B

> This makes it vulnerable to a race condition wherein a
> malicious user could observe the name of the temporary file being
> used, and replace the contents of a later instance of the file with
> her desired commands after the legitimate commands have been written.
> $B0-0U$r;}$D%f!<%6$,!$;H$o$l(B
> $B$k0l;~%U%!%$%k$NL>A0$r4Q;!$G$-$^$9$+$i!$@55,$N%3%^%s%I$,=q$-9~$^$l$?8e$K!$(B
> $B%U%!%$%k$NFbMF$rG$0U$N%3%^%s%I$K=q$-49$($k$3$H$,2DG=$G$"$k$H$$$&6%9g>uBV(B
> $B$,@8$8$k$H$$$&LdBj$,$"$j$^$9!%(B 

could $B$O(B observe $B$@$1$G$J$/!"A4BN$K$+$+$j$^$9!#(B
$B$^$?!"!V;H$o$l$k!W"*!V;HMQ$5$l$F$$$k!W$G$7$g$&!#(B-ing $B$G$9$+$i!#(B

> All versions of NetBSD and OpenBSD are also believed to be vulnerable
> to this problem. Other systems using a BSD-derived make(1) binary may
> also be vulnerable.
> NetBSD $B$H(B OpenBSD $B$NA4$F$N%P!<%8%g%s$K$bF1MM$NLdBj$,$"$k$H3N?.$5$l$F$$$^(B
> $B$9!%(BBSD $B5/8;$N(B make(1) $B%P%$%J%j$r:NMQ$7$F$$$k!$B>$NA4$F$N%7%9%F%`$K$b!$(B
> $B$3$NLdBj$,$"$k2DG=@-$,$"$j$^$9!%(B

$B$3$l$O:4F#$5$s$N;XE&DL$j!#(B

> III. $B1F6A(B
> 
> Local users could execute arbitrary shell commands as part of the
> build process scheduled by "make -j" by another user.
> 
> $B%m!<%+%k%f!<%6!<$,!$B>$N%f!<%6$N(B "make -j" $B$+$i<B9T$5$l$k%S%k%I%W%m%;%9(B
> $B$N0lIt$H$7$FG$0U$N%7%'%k%3%^%s%I$r<B9T$9$k$3$H$,2DG=$G$9!%(B 

$B!V%f!<%6!<!W"*!V%f!<%6!W(B

> V.   $B2r7h:v(B
$B!D(B $B$5$/$C$HN,(B $B!D(B
> To patch your present system: save the patch below into a file, and
> execute the following commands as root:
> $B%Q%C%A$NE,MQ$9$k$K$O!$0J2<$N%Q%C%A$r%U%!%$%k$K%;!<%V$7!$(Broot $B8"8B$G0J2<(B
> $B$N%3%^%s%I$r<B9T$7$^$9!%(B

$B!V%Q%C%A$N!W"*!V%Q%C%A$r!W(B


$B$3$s$J$H$3$+$J!#(B
----
$B$3$,$h$&$$$A$m$&(B
