Skip to content

Commit d333eba

Browse files
committed
Document issue with default installation paths on diverse Windows targets
For all config targets (except VMS, because it has a completely different set of scripts), '/usr/local/ssl' is the default prefix for installation of programs and libraries, as well as the path for OpenSSL run-time configuration. For programs built to run in a Windows environment, this default is unsafe, and the user should set a different prefix. This has been hinted at in some documentation but not all, and the danger of leaving the default as is hasn't been documented at all. This change documents the issue as a caveat lector, and all configuration examples now include an example --prefix. CVE-2019-1552 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #9456)
1 parent 0bc650d commit d333eba

File tree

5 files changed

+61
-9
lines changed

5 files changed

+61
-9
lines changed

Diff for: CHANGES

+6-1
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,12 @@
99

1010
Changes between 1.0.2s and 1.0.2t [xx XXX xxxx]
1111

12-
*)
12+
*) Document issue with installation paths in diverse Windows builds
13+
14+
'/usr/local/ssl' is an unsafe prefix for location to install OpenSSL
15+
binaries and run-time config file.
16+
(CVE-2019-1552)
17+
[Richard Levitte]
1318

1419
Changes between 1.0.2r and 1.0.2s [28 May 2019]
1520

Diff for: INSTALL.DJGPP

+12-2
Original file line numberDiff line numberDiff line change
@@ -33,8 +33,18 @@
3333
running in a DOS box under Windows. If so, just close the BASH
3434
shell, go back to Windows, and restart BASH. Then run "make" again.
3535

36-
RUN-TIME CAVEAT LECTOR
37-
--------------
36+
CAVEAT LECTOR
37+
-------------
38+
39+
### Default install and config paths
40+
41+
./Configure defaults to '/usr/local/ssl' as installation top. This is
42+
suitable for Unix, but not for Windows, where this usually is a world
43+
writable directory and therefore accessible for change by untrusted users.
44+
It is therefore recommended to set your own --prefix or --openssldir to
45+
some location that is not world writeable (see the example above)
46+
47+
### Entropy
3848

3949
Quoting FAQ:
4050

Diff for: INSTALL.W32

+21-3
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,17 @@
3434
get it all to work. See the trouble shooting section later on for if (when?)
3535
it goes wrong.
3636

37+
CAVEAT LECTOR
38+
-------------
39+
40+
### Default install and config paths
41+
42+
./Configure defaults to '/usr/local/ssl' as installation top. This is
43+
suitable for Unix, but not for Windows, where this usually is a world
44+
writable directory and therefore accessible for change by untrusted users.
45+
It is therefore recommended to set your own --prefix or --openssldir to
46+
some location that is not world writeable (see the example above)
47+
3748
Visual C++
3849
----------
3950

@@ -104,7 +115,7 @@
104115
---------------------
105116

106117
* Configure for building with Borland Builder:
107-
> perl Configure BC-32
118+
> perl Configure BC-32 --prefix=c:\some\openssl\dir
108119

109120
* Create the appropriate makefile
110121
> ms\do_nasm
@@ -196,7 +207,7 @@
196207

197208
* Compile OpenSSL:
198209

199-
$ ./config
210+
$ ./config --prefix=c:/some/openssl/dir
200211
[...]
201212
$ make
202213
[...]
@@ -206,7 +217,11 @@
206217
and openssl.exe application in apps directory.
207218

208219
It is also possible to cross-compile it on Linux by configuring
209-
with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
220+
like this:
221+
222+
$ ./Configure --cross-compile-prefix=i386-mingw32- \
223+
--prefix=c:/some/openssl/dir mingw ...
224+
210225
'make test' is naturally not applicable then.
211226

212227
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
@@ -240,6 +255,9 @@
240255
$ copy /b out32dll\libeay32.dll c:\openssl\bin
241256
$ copy /b out32dll\openssl.exe c:\openssl\bin
242257

258+
("c:\openssl" should be whatever you specified to --prefix when
259+
configuring the build)
260+
243261
Of course, you can choose another device than c:. C: is used here
244262
because that's usually the first (and often only) harddisk device.
245263
Note: in the modssl INSTALL.Win32, p: is used rather than c:.

Diff for: INSTALL.W64

+10-2
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,14 @@
3030
Neither of these is actually big deal and hardly encountered
3131
in real-life applications.
3232

33+
### Default install and config paths
34+
35+
./Configure defaults to '/usr/local/ssl' as installation top. This is
36+
suitable for Unix, but not for Windows, where this usually is a world
37+
writable directory and therefore accessible for change by untrusted users.
38+
It is therefore recommended to set your own --prefix or --openssldir to
39+
some location that is not world writeable (see the example above)
40+
3341
Compiling procedure
3442
-------------------
3543

@@ -43,15 +51,15 @@
4351

4452
To build for Win64/x64:
4553

46-
> perl Configure VC-WIN64A
54+
> perl Configure VC-WIN64A --prefix=c:\some\openssl\dir
4755
> ms\do_win64a
4856
> nmake -f ms\ntdll.mak
4957
> cd out32dll
5058
> ..\ms\test
5159

5260
To build for Win64/IA64:
5361

54-
> perl Configure VC-WIN64I
62+
> perl Configure VC-WIN64I --prefix=c:\some\openssl\dir
5563
> ms\do_win64i
5664
> nmake -f ms\ntdll.mak
5765
> cd out32dll

Diff for: INSTALL.WCE

+12-1
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,17 @@
3535
redirects IO to active sync link, while PortSDK - to NT-like console
3636
driver on the handheld itself.
3737

38+
CAVEAT LECTOR
39+
-------------
40+
41+
### Default install and config paths
42+
43+
./Configure defaults to '/usr/local/ssl' as installation top. This is
44+
suitable for Unix, but not for Windows, where this usually is a world
45+
writable directory and therefore accessible for change by untrusted users.
46+
It is therefore recommended to set your own --prefix or --openssldir to
47+
some location that is not world writeable (see the example above)
48+
3849
Building
3950
--------
4051

@@ -61,7 +72,7 @@
6172

6273
Next you should run Configure:
6374

64-
> perl Configure VC-CE
75+
> perl Configure VC-CE --prefix=c:\some\openssl\dir
6576

6677
Next you need to build the Makefiles:
6778

0 commit comments

Comments
 (0)