VULHUB ™

There is an exploitable race condition in BSD derived versions of make. The problem lies in the way that make communicates with its children processes when passed the -j parameter. "make" does so by writing shell commands to temporary files in /tmp, which the children process read (and then execute..). In the process of doing this, "make" creates and resuses temporary files several times with known filenames. If the file name being used were to be observed by an attacker, it is possible to write arbitrary commands to these files immediately after legitimate ones, then have them executed by the child processes if the race is won.

There is an exploitable race condition in BSD derived versions of make. The problem lies in the way that make communicates with its children processes when passed the -j parameter. "make" does so by writing shell commands to temporary files in /tmp, which the children process read (and then execute..). In the process of doing this, "make" creates and resuses temporary files several times with known filenames. If the file name being used were to be observed by an attacker, it is possible to write arbitrary commands to these files immediately after legitimate ones, then have them executed by the child processes if the race is won.