install-sh: avoid (low risk) race in "/tmp"
Ensure that nobody can cross privilege boundaries by pre-creating
symlink on '$tmpdir' destination directory.
Just testing 'mkdir -p' by creating "/tmp/ins$RANDOM-$$/d" is not safe
because "/tmp" directory is usually world-writeable and
"/tmp/ins$RANDOM-$$" content could be pretty easily guessed by
attacker (at least for shells where $RANDOM is not supported). So, as
the first step, create the "/tmp/ins$RANDOM-$$" without -p. This step
would fail early if somebody wanted catch us.
Systems that implement (and have enabled) fs.protected_symlinks kernel
feature are not affected even without this commit.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760455
https://bugzilla.redhat.com/show_bug.cgi?id=
1140725
* lib/install-sh: Implement safer 'mkdir -p' test by running
'$mkdirprog $mkdir_mode "$tmpdir"' first.
* NEWS: Update.
Signed-off-by: Mathieu Lirzin <mthl@gnu.org>