Hello,

Cautious sysadmins run "make -n install" as a normal user before
actually installing software, to validate what the installation is
going to do. This should catch some misconfigurations and malicious
Makefile code.

The Makefile for openssl behaves very badly with this command.
The "install" target is not supposed to build anything anymore,
it should just move the already built files to the proper location.

A common practice is to mount the source directory to several
target machines and run "make install" on them all simultaneously.
If the "install" target modifies the files, this can cause all
sorts of problems.


Furthermore, "make -n install" ultimately fails with the following error:


installing libcrypto.so.1.0.0
cp: cannot create /opt/ssl/lib/libcrypto.so.1.0.0.new: Permission denied
*** Error code 2
make: Fatal error: Command failed for target `install_sw'


The Makefile shouldn't attempt to do anything when make is invoked with "-n";
it should just show the commands.

This sort of misbehaviour gnaws away at the most important attribute
that a security library has: trustworthiness.

--
        Aleksi Suhonen / Axu TM Oy
        Internetworking Consulting
        Cellular: +358 45 670 2048
        World Wide Web: www.axu.tm

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
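
Added example, not part of the original message and not code from the OpenSSL project: a static pre-check for the "make -n install" review described above. It assumes GNU make semantics, where -n does not suppress a recipe line that starts with "+" or contains $(MAKE) or ${MAKE}; the names dryrun_leaks and sample_makefile are hypothetical and the sample Makefile is constructed.

```shell
#!/bin/sh
# List recipe lines that GNU make still executes under "make -n".
# A backslash-continued recipe is ONE logical line, so a cp that shares a
# shell loop with a $(MAKE) call is executed during the dry run as well.
# Output format: target:first-line-number: joined recipe text
dryrun_leaks() {
    awk '
    function emit() {
        if (buf != "" && (buf ~ /^\t[-@ ]*\+/ || buf ~ /\$[({]MAKE[)}]/))
            printf "%s:%d: %s\n", target, start, substr(buf, 2)
        buf = ""
    }
    /^\t/ || cont {
        if (!cont) { start = NR; buf = $0 }
        else { line = $0; sub(/^[ \t]+/, "", line); buf = buf " " line }
        cont = (buf ~ /\\$/)              # logical line continues?
        if (cont) sub(/[ \t]*\\$/, "", buf)
        else emit()
        next
    }
    # Rule header ("target: deps"), but not a ":=" variable assignment.
    /^[^#\t ][^=]*:([^=]|$)/ { target = $0; sub(/[ \t]*:.*/, "", target) }
    END { emit() }
    ' "${1:--}"
}

# Constructed sample (not the OpenSSL Makefile): an install rule whose
# copy step sits in the same shell loop as a recursive $(MAKE) call.
sample_makefile() {
    printf 'install_sw:\n'
    printf '\t@echo installing libcrypto\n'
    printf '\t@for d in crypto ssl; do \\\n'
    printf '\t    cp lib$$d.so $(PREFIX)/lib/lib$$d.so.new; \\\n'
    printf '\t    (cd $$d && $(MAKE) install); \\\n'
    printf '\tdone\n'
    printf 'clean:\n'
    printf '\t+rm -f *.o\n'
    printf '\trm -f *.a\n'
}

# With no argument, scan the constructed sample; otherwise scan the file given.
if [ $# -gt 0 ]; then dryrun_leaks "$1"; else sample_makefile | dryrun_leaks -; fi
```

Any line it reports will run for real during a dry run, so review those by hand before invoking make at all.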
