SummaryRefsLogTreeCommitDiffStats
path: root/mcron.c
diff options
context:
space:
mode:
authorDale Mellor <dale@rdmp.org>2015-10-22 06:59:21 +0100
committerDale Mellor <dale@rdmp.org>2015-10-22 06:59:21 +0100
commitc0a6eb14c257a47e9573631e5ac09e6528fba377 (patch)
treea36115815cf89f6bdfd745fb8c7ddd3ae252334c /mcron.c
parent024027ae2dcc425f7a3bf5bf3ff3671833b02ce6 (diff)
downloadmcron-c0a6eb14c257a47e9573631e5ac09e6528fba377.tar.gz
mcron-c0a6eb14c257a47e9573631e5ac09e6528fba377.tar.bz2
mcron-c0a6eb14c257a47e9573631e5ac09e6528fba377.zip
Taken on board suggestions of Mathieu Lirzin as per e-mails to the bug-mcron@gnu.org mailing list around September 2015.
Diffstat (limited to 'mcron.c')
-rw-r--r--mcron.c115
1 files changed, 115 insertions, 0 deletions
diff --git a/mcron.c b/mcron.c
new file mode 100644
index 0000000..3776632
--- /dev/null
+++ b/mcron.c
@@ -0,0 +1,115 @@
+/* mcron.c -- Run the mcron program.
+ *
+ * Copyright (C) 2015 Mathieu Lirzin
+ * Copyright (C) 2003, 2014 Dale Mellor
+ *
+ * This file is part of GNU Mcron.
+ *
+ * GNU Mcron is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option)
+ * any later version.
+ *
+ * GNU Mcron is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with GNU Mcron. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/*
+ * This C code represents the thinnest possible wrapper around the Guile code
+ * which constitutes all the functionality of the mcron program. There are
+ * two plus one reasons why we need to do this, and one very unfortunate
+ * consequence.
+ *
+ * Firstly, SUID does not work on an executable script. In the end, it is
+ * the execution of the translator, in our case guile, which determines the
+ * effective user, and it is not wise to make the system guile installation
+ * SUID root!
+ *
+ * Secondly, executable scripts show up in ugly ways in listings of the
+ * system process table. Guile in particular, with its multi-line ``#! ...\
+ * \n -s ...!#'' idiosyncracies shows up in process listings in a way that
+ * is difficult to determine what program is actually running.
+ *
+ * A third reason for the C wrapper which might be mentioned is that a
+ * security-conscious system administrator can choose to only install a
+ * binary, thus removing the possibility of a user studying a guile script
+ * and working out ways of hacking it to his own ends, or worse still
+ * finding a way to modify it to his own ends.
+ *
+ * Unfortunately, running the guile script from inside a C program means
+ * that the sigaction function does not work. Instead, it is necessary to
+ * perform the signal processing in C.
+ */
+
+
+
+#include <libguile.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+
+/* Handle the signal and exit. All signals that mcron handles will produce
+ * the same behavior so we don't need to use the signal value in the
+ * implementation. */
+
+static void
+react_to_terminal_signal (int signal)
+{
+ scm_c_eval_string ("(delete-run-file)");
+ exit (1);
+}
+
+
+
+/* Set up all the signal handlers as required by the cron personality. This
+ * is necessary to perform the signal processing in C because the sigaction
+ * function won't work when called from Guile; this function is called from
+ * the Guile universe. */
+
+static SCM
+set_cron_signals ()
+{
+ static struct sigaction sa;
+
+ memset (&sa, 0, sizeof (sa));
+ sa.sa_handler = react_to_terminal_signal;
+ sigaction (SIGTERM, &sa, 0);
+ sigaction (SIGINT, &sa, 0);
+ sigaction (SIGQUIT, &sa, 0);
+ sigaction (SIGHUP, &sa, 0);
+
+ return SCM_BOOL_T;
+}
+
+
+
+/* Launch the Mcron Guile main program. */
+
+static void
+inner_main (void *closure, int argc, char **argv)
+{
+ scm_set_current_module (scm_c_resolve_module ("mcron main"));
+ scm_c_define_gsubr ("c-set-cron-signals", 0, 0, 0, set_cron_signals);
+ scm_c_eval_string ("(main)");
+}
+
+
+
+/* The real main function. Does nothing but start up the guile subsystem. */
+
+int
+main (int argc, char **argv)
+{
+ setenv ("GUILE_LOAD_PATH", GUILE_LOAD_PATH, 1);
+ scm_boot_guile (argc, argv, inner_main, 0);
+
+ return 0;
+}