crontab-access: replace with wrapper, rename to crontab-access-real.
The wrapper has two purposes: 1. Not being a script, thereby eliminating the issues with setuid scripts. 2. Purging the environment. crontab-access-real has no need for any environment variables to do its work, so to prevent tampering with dynamic linker, libc, or guile, we may as well just unset them all. This wrapper does introduce a requirement for a C compiler. Ideally it would be conditional based on whether the wrapper is even going to be built, but autoconf doesn't like that one bit. Someone with more experience with autotools should sort that out. In the meantime I guess anyone wanting to build without a C compiler being present is going to have to edit configure.ac and re-run bootstrap. * src/crontab-access.in: renamed to src/crontab-access-real.in * src/crontab-access.c.in: new file, wrapper for crontab-access-real. * Makefile.am: inform about crontab-access.c.in and name change to crontab-access-real. Put crontab-access-real in libexecdir.
This commit is contained in:
ulfvonbelow
Dale Mellor
parent
2ff4d0f44e
commit
4727c770c2
GPG key ID:
CA471FD501618A49
4 changed files with 34 additions and 3 deletions
19
Makefile.am
19
Makefile.am
|
|
@ -26,11 +26,18 @@ noinst_SCRIPTS =
|
|||
|
||||
if MULTI_USER
|
||||
bin_SCRIPTS += bin/crontab
|
||||
sbin_SCRIPTS = bin/cron bin/crontab-access
|
||||
sbin_SCRIPTS = bin/cron
|
||||
libexec_SCRIPTS = bin/crontab-access-real
|
||||
sbin_PROGRAMS = bin/crontab-access
|
||||
else
|
||||
noinst_SCRIPTS += bin/cron bin/crontab bin/crontab-access
|
||||
noinst_SCRIPTS += bin/cron bin/crontab bin/crontab-access-real
|
||||
noinst_PROGRAMS = bin/crontab-access
|
||||
endif
|
||||
|
||||
# The dynamic linker should detect that it's being run for a setuid program,
|
||||
# but we take no chances.
|
||||
bin_crontab_access_LDFLAGS = -static
|
||||
|
||||
# wrapper to be used in the build environment and for running tests.
|
||||
noinst_SCRIPTS += pre-inst-env
|
||||
|
||||
|
|
@ -81,6 +88,8 @@ compiled_modules = \
|
|||
CLEANFILES = $(compiled_modules) \
|
||||
bin/crontab \
|
||||
bin/crontab-access \
|
||||
src/crontab-access.c \
|
||||
bin/crontab-access-real \
|
||||
bin/cron \
|
||||
bin/mcron
|
||||
DISTCLEANFILES = src/mcron/config.scm
|
||||
|
|
@ -123,6 +132,9 @@ do_subst = sed -e 's,%PREFIX%,${prefix},g' \
|
|||
src/mcron/config.scm: src/mcron/config.scm.in Makefile
|
||||
$(AM_V_GEN)$(do_subst) $< > $@
|
||||
|
||||
src/crontab-access.c: src/crontab-access.c.in Makefile
|
||||
$(AM_V_GEN)$(do_subst) $< > $@
|
||||
|
||||
bin/% : src/%.in Makefile
|
||||
$(AM_V_GEN)$(MKDIR_P) bin ; \
|
||||
$(do_subst) $< > $@ ; \
|
||||
|
|
@ -163,7 +175,8 @@ EXTRA_DIST = \
|
|||
HACKING \
|
||||
src/cron.in \
|
||||
src/crontab.in \
|
||||
src/crontab-access.in \
|
||||
src/crontab-access-real.in \
|
||||
src/crontab-access.c.in \
|
||||
src/mcron.in \
|
||||
tests/init.sh \
|
||||
$(TESTS)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue