(Install): Warn that you should create

author Paul Eggert <eggert@cs.ucla.edu>

Mon, 5 Jul 2004 07:07:05 +0000 (07:07 +0000)

committer Paul Eggert <eggert@cs.ucla.edu>

Mon, 5 Jul 2004 07:07:05 +0000 (07:07 +0000)
author Paul Eggert <eggert@cs.ucla.edu>
Mon, 5 Jul 2004 07:07:05 +0000 (07:07 +0000)
committer Paul Eggert <eggert@cs.ucla.edu>
Mon, 5 Jul 2004 07:07:05 +0000 (07:07 +0000)
diff --git a/doc/automake.texi b/doc/automake.texi

index b4a007b..0245b13 100644 (file)
--- a/doc/automake.texi
+++ b/doc/automake.texi
@@ -5258,10 +5258,13 @@ path is prefixed with the value of @samp{DESTDIR} before being copied
  into the install area.  Here is an example of typical DESTDIR usage:
  
  @example
+mkdir /tmp/staging &&
  make DESTDIR=/tmp/staging install
  @end example
  
-This places install objects in a directory tree built under
+The @command{mkdir} command avoids a security problem if the attacker
+creates a symbolic link from @file{/tmp/staging} to a victim area;
+then @command{make} places install objects in a directory tree built under
  @file{/tmp/staging}.  If @file{/gnu/bin/foo} and
  @file{/gnu/share/aclocal/foo.m4} are to be installed, the above command
  would install @file{/tmp/staging/gnu/bin/foo} and
author	Paul Eggert <eggert@cs.ucla.edu>
	Mon, 5 Jul 2004 07:07:05 +0000 (07:07 +0000)
committer	Paul Eggert <eggert@cs.ucla.edu>
	Mon, 5 Jul 2004 07:07:05 +0000 (07:07 +0000)