path: root/Makefile.am
Commit message | Author | Age | Files | Lines
* crontab-access: replace with wrapper, rename to crontab-access-real. | ulfvonbelow | 2023-03-18 | 1 | -3/+16
| The wrapper has two purposes:
| 1. Not being a script, thereby eliminating the issues with setuid scripts.
| 2. Purging the environment.
|
| crontab-access-real has no need for any environment variables to do its work, so to prevent tampering with dynamic linker, libc, or guile, we may as well just unset them all.
|
| This wrapper does introduce a requirement for a C compiler. Ideally it would be conditional based on whether the wrapper is even going to be built, but autoconf doesn't like that one bit. Someone with more experience with autotools should sort that out. In the meantime I guess anyone wanting to build without a C compiler being present is going to have to edit configure.ac and re-run bootstrap.
|
| * src/crontab-access.in: renamed to src/crontab-access-real.in
| * src/crontab-access.c.in: new file, wrapper for crontab-access-real.
| * Makefile.am: inform about crontab-access.c.in and name change to crontab-access-real. Put crontab-access-real in libexecdir.
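
The environment purge described in the commit message above, as an added example that is not mcron's own src/crontab-access.c.in: a compiled wrapper that executes one fixed absolute path and hands it an empty environment. HELPER_PATH, exec_with_empty_env and run_with_empty_env are hypothetical names, and the path shown is an assumed install location.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed install location (hypothetical); a real build would substitute
 * the configured libexecdir at compile time. */
#ifndef HELPER_PATH
#define HELPER_PATH "/usr/libexec/crontab-access-real"
#endif

/* Replace the current process image with `path`, handing it an EMPTY
 * environment: LD_PRELOAD, LD_LIBRARY_PATH, PATH, GUILE_LOAD_PATH and
 * anything else the caller exported are gone before the target's dynamic
 * linker, libc or interpreter starts.  Returns only on failure. */
int exec_with_empty_env(const char *path, int argc, char *const argv[])
{
    static char *const empty_env[] = { NULL };

    /* Absolute path only: execve() never searches PATH, but a relative
     * path would resolve against the caller-chosen working directory.
     * An empty argv is refused rather than passed on to the helper. */
    if (path == NULL || path[0] != '/' ||
        argc < 1 || argv == NULL || argv[0] == NULL) {
        errno = EINVAL;
        return -1;
    }
    execve(path, argv, empty_env);
    return -1;                          /* errno was set by execve() */
}

/* Demonstration helper: perform the same exec in a child process and
 * return the child's exit status, so the effect can be observed. */
int run_with_empty_env(const char *path, int argc, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        exec_with_empty_env(path, argc, argv);
        _exit(127);                     /* exec was refused or failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The wrapper itself: no option parsing, no shell, no file access. */
int main(int argc, char **argv)
{
    exec_with_empty_env(HELPER_PATH, argc, argv);
    perror(HELPER_PATH);
    return 127;
}
```
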
* crontab: split into crontab and setuid helper crontab-access. | ulfvonbelow | 2023-03-18 | 1 | -7/+17
| If a user did somehow manage to install this crontab as functioning setuid-root in its current state (despite linux ignoring the setuid bit when executing scripts), it would be a very bad thing for them. It currently has several glaring security holes. In approximate order from most to least severe:
|
| 1. It blindly calls system() with the user-supplied value of VISUAL or EDITOR, without dropping privileges. I can't fathom what the author was thinking, considering (mcron scripts crontab) is littered with comments and evidence that this is supposed to be a setuid-root program. An attacker could simply run EDITOR='sh #' crontab -e and get a root shell. If you try this, you may find that it coincidentally doesn't work because bash in particular always drops privileges on startup if it detects differing real and effective ids. I don't know whether other shells do this, but it actually doesn't matter as long as you're using glibc, because its system() consults PATH looking for sh. One false entry in there and an attacker is running arbitrary code as root. And crontab doesn't do any sanitizing of *any* environment variables.
|
| 2. No attempt is made to sanitize any environment variables. Also, depending on Guile's startup behavior, trying to sanitize them in guile may be too late. A wrapper is needed, which would be needed anyway in order to use a setuid script.
|
| 3. No attempt is made to ensure that the temporary file being edited is newly-created, so an attacker could guess or deduce the filename to be used, create it in advance, keep it open while crontab opens it, and overwrite it right before it is copied, allowing them to execute arbitrary code as any user that dared edit their crontab, including root.
|
| 4. Its replace mode accepts a filename. It does no validation whatsoever on this, opens it, and copies it to the user's crontab as long as it's valid vixie cron syntax. So for example, crontab /var/cron/tabs/root && crontab --list will let you freely read root's (and in a similar manner any other user's) crontab. Vixie cron includes comments in its valid syntax, so any file that consists entirely of comments can also be dumped. Also, any file for which opening it and reading from it has side-effects can have those side-effects triggered even if it isn't valid vixie cron syntax.
|
| 5. Crontabs created in /tmp for editing, as well as crontabs created in /var/cron/tabs, are world-readable with typical inherited umask.
|
| (1) and (4) are resolved by splitting crontab into two programs: crontab, which is no longer setuid, and crontab-access, which is. The setuid program no longer opens any files except for the user's crontab and the allow/deny files, and it runs no external programs whatsoever. Crontab is run as the invoking user, so the usual kernel-level permissions checks regarding which files can be opened for reading apply. The editor is run from crontab, as the invoking user, so sanitizing of the environment in the setuid helper has no effect on the editor's environment.
|
| (2) to be resolved shortly with a wrapper program.
|
| (3) is resolved by using mkstemp. The inability to control the mode it is created with, along with (5), are resolved by setting the umask properly.
|
| * src/mcron/scripts/crontab-access.scm: new module.
| * src/mcron/scripts/crontab.scm: move list, delete, and replace implementation to crontab-access.
| * src/crontab-access.in: new file to invoke main of crontab-access.
| * Makefile.am: inform of crontab-access.in and crontab-access.scm.
* config.scm.in: rename to config.scm.in.in, substitute from Makefile. | ulfvonbelow | 2023-03-18 | 1 | -6/+9
| * src/mcron/config.scm.in: renamed to config.scm.in.in.
| (config-sbin-dir): new variable.
| * Makefile.am: substitute in config.scm.in.
* Makefile.am: don't install cron as setuid. | ulfvonbelow | 2023-03-18 | 1 | -2/+1
| Setuid scripts are disabled on most systems anyway. Also cron refuses to run if the real user id isn't 0, so there's no point in it being setuid anyway. Also also, no attempt at controlling the environment has been made, so even if the symlink race conditions that make setuid scripts vulnerable were resolved, it would still be unsafe.
* Incorporate and use command-line-processor proposed for Guile core | Dale Mellor | 2022-07-07 | 1 | -0/+2
| Since the elimination of the C wrapping around mcron and all the executable scripts, a weakness in Guile's (ice-9 getopt-long) module means that the command 'mcron -s crontab.scm' does not currently work.
|
| A replacement for the getopt-long module, as well as a higher-level 'command-line-processor' facility, have been pushed to the Guile upstream developers and are awaiting approval and incorporation. In the meantime, those modules are temporarily incorporated here into the mcron package, and the code is modified to use those local versions.
|
| * Makefile.am: install two new Guile modules
| * src/{cron,crontab,mcron}.in: use local command-line-processor module
| * src/mcron/command-line-processor.scm: new module
| * src/mcron/getopt-long.scm: new module
| * tests/schedule{,-2}.sh: clarify tests of -s, --schedule options
* tests: Check (mcron vixie-specification) | Mathieu Lirzin | 2022-07-07 | 1 | -0/+1
| * tests/vixie-specification.scm: New file.
| * Makefile.am (TESTS): Register it.
* build: Distribute script source files | Mathieu Lirzin | 2020-05-08 | 1 | -0/+3
| This allows 'make distcheck' to succeed.
|
| * Makefile.am (EXTRA_DIST): Add script source files.
* build: Handle missing "bin" directory | Mathieu Lirzin | 2020-05-08 | 1 | -4/+5
| This fixes the generation of scripts when "bin" directory does not exist.
|
| * Makefile.am (bin/%): Invoke $(MKDIR_P) first.
* project: banish need for C compiler | Dale Mellor | 2020-04-20 | 1 | -38/+37
| This patch gets rid of the thin veneer that we currently have around the three executables. This was done for historical reasons (circa 2003 Guile couldnʼt deal with process signals and forks). In fact these problems were fixed many moons ago, and there is now no need for it.
|
| The project becomes 100% Guile!
|
| Many files are affected; interested coders should use the GIT repository to understand the details of all the changes.
* test: demonstrate incorrect -s option on mcron program | Dale Mellor | 2020-04-20 | 1 | -0/+1
| The option is supposed to be able to take an optional argument, but if the argument is not supplied (should default to 8) then the test, rather than failing, is skipped with a friendly message in the log file. The proper fix will come with an upstream patch to GNU Guile, and a future version of Mcron.
|
| * tests/schedule-2.sh: new test, new file
| * Makefile.am: make sure to run the new test file
* final push for 1.1.2 [v1.1.2] | Adam Bilbrough | 2018-11-26 | 1 | -18/+0
|
* tests: Add "tests/vixie-time.scm" | Mathieu Lirzin | 2018-04-08 | 1 | -1/+2
| * tests/vixie-time.scm: New test.
| * Makefile.am (TESTS): Add it.
* build: Add "maint.mk" | Mathieu Lirzin | 2018-03-26 | 1 | -0/+6
| * maint.mk: New maintainer-only Makefile fragment.
| * Makefile.am: Include it.
| * configure.ac: Substitute "maint.mk" content when it exists.
* tests: Add "tests/utils.scm" | Mathieu Lirzin | 2018-03-25 | 1 | -1/+2
| * tests/utils.scm: New test.
| * Makefile.am (TESTS): Add it.
* tests: Add "tests/base.scm" | Mathieu Lirzin | 2018-03-24 | 1 | -0/+1
| * tests/base.scm: New test.
| * Makefile.am (TESTS): Add it.
* maint: Update copyright years | Mathieu Lirzin | 2018-03-20 | 1 | -1/+1
|
* build: Support 'make installcheck' | Mathieu Lirzin | 2018-03-20 | 1 | -0/+16
| * configure.ac: Pass 'std-options' to AM_INIT_AUTOMAKE to check that the "--help" and "--version" options can be passed to installed programs.
| * Makefile.am (installcheck-local): New rule which checks the programs presence and configuration.
* build: Properly set Guile load paths in programs | Mathieu Lirzin | 2018-03-20 | 1 | -2/+2
| This fixes an issue where the installed Guile load paths were set by the undefined 'moduledir' Make macro.
|
| * Makefile.am (AM_CPPFLAGS): Define PACKAGE_LOAD_PATH with 'guilesitedir' macro and PACKAGE_LOAD_COMPILED_PATH with 'guilesitegodir'.
| * NEWS: Update.
* build: Handle all programs names transformations | Mathieu Lirzin | 2018-03-20 | 1 | -3/+4
| Previously only prepending a prefix was handled when installing 'crontab'. Using the 'transform' Make macro allows the installation process to support generic transformations as defined by the '--program-suffix' and '--program-transform-name' configure options.
|
| * configure.ac: Don't substitute '@real_program_prefix@'.
| * Makefile.am (fpp): Remove.
| (transform_exe): New macro.
| [MULTI_USER] (install-exec-hook): Use it when installing 'crontab'.
* build: Programs are not implicitly depending on libraries | Mathieu Lirzin | 2018-03-17 | 1 | -3/+3
| Before that change, it was possible for 'make' to try linking programs before 'src/libmcron.a' was built.
|
| * Makefile.am (bin_mcron_DEPENDENCIES, bin_cron_DEPENDENCIES)
| (bin_crontab_DEPENDENCIES): Add '$(noinst_LIBRARIES)'.
* tests: Add 'schedule.sh' | Mathieu Lirzin | 2018-03-16 | 1 | -0/+1
| * tests/schedule.sh: New test.
| * Makefile.am (TESTS): Add it.
| * src/mcron/job-specifier.scm (configuration-time): Use SOURCE_DATE_EPOCH for reproducible tests.
* maint: Replace "README--git" with "HACKING" | Mathieu Lirzin | 2017-09-29 | 1 | -0/+1
| * README--git: Delete.
| * HACKING: New file documenting how to contribute to Mcron.
| * Makefile.am (EXTRA_DIST): Distribute it.
* tests: Add 'basic.sh' | Mathieu Lirzin | 2017-09-28 | 1 | -1/+5
| * tests/init.sh: New test framework from Gnulib.
| * tests/basic.sh: New test.
| * Makefile.am (TESTS): Add it.
| (TEST_EXTENSIONS): Add '.sh'.
| (SH_LOG_COMPILER): Use 'pre-inst-env'.
| (EXTRA_DIST): Add 'tests/init.sh'.
| * build-aux/pre-inst-env.in: export $srcdir for shell tests.
* Replace generic C wrapper with individual programs | Mathieu Lirzin | 2017-09-28 | 1 | -6/+3
| * src/wrapper.c: Delete.
| * src/crontab.c: New file.
| * src/mcron.c: Likewise.
| * src/cron.c: Likewise.
| * configure.ac: Adapt 'AC_CONFIG_DIR' to use "src/mcron.c".
| * Makefile.am (bin_crontab_SOURCES, bin_cron_SOURCES)
| (bin_mcron_SOURCES): Use new files.
| (bin_cron_CPPFLAGS, bin_mcron_CPPFLAGS, bin_crontab_CPPFLAGS): Delete.
* wrapper: Move 'wrap_env_path' to a new 'utils' module. | Mathieu Lirzin | 2017-09-28 | 1 | -1/+7
| * src/wrapper.c: Move 'wrap_env_path' to ...
| * src/utils.h: ... here. New module.
| * src/utils.c: New file.
| * configure.ac: Use AC_PROG_RANLIB and AM_PROG_AR.
| * Makefile.am (noinst_LIBRARIES, src_libmcron_a_SOURCES): New variables.
| (LDADD): Add 'src/libmcron.a'.
* build: Replace "--enable-no-vixie-clobber" with "--disable-multi-user". | Mathieu Lirzin | 2017-09-28 | 1 | -23/+21
| * configure.ac: Define "--disable-multi-user" option instead of "--enable-no-vixie-clobber".
| * Makefile.am (install-exec-hook) [MULTI_USER]: Only set crontab setuid bit.
| (bin_PROGRAMS): Keep only 'mcron' by default.
| (bin_PROGRAMS) [MULTI_USER]: Add 'crontab'
| (sbin_PROGRAMS) [MULTI_USER]: Add 'cron'.
| (noinst_PROGRAMS) [!MULTI_USER]: Add 'cron' and 'crontab'.
| (dist_man_MANS): Move 'crontab.1' and 'cron.8' ...
| (extra_mans): here. New variable.
| (dist_man_MANS) [MULTI_USER]: Add it.
| (all-local) [!MULTI_USER]: New target. Depend on it.
| (EXTRA_DIST) [!MULTI_USER]: Distribute it.
| (MAINTAINERCLEANFILES): Clean it.
* build: Separate "Makefile.am" into more sections. | Mathieu Lirzin | 2017-09-28 | 1 | -28/+50
| * Makefile.am: Add "Installation", "Distribution", "Test suite", "Programs", and "Guile modules" sections.
* build: Add 'bootstrap' script. | Mathieu Lirzin | 2017-09-28 | 1 | -0/+1
| * bootstrap: New file.
| * Makefile.am (EXTRA_DIST): Add it.
* Add (mcron core) module. | Mathieu Lirzin | 2017-09-28 | 1 | -0/+3
| This module is an alias for (mcron base) module. This module is added to keep backward compatibility with Mcron 1.x.
* build: Install '.go' files under LIBDIR. | Mathieu Lirzin | 2017-09-28 | 1 | -14/+15
| * Makefile.am (compiled_modules): New variable.
| (bin_mcron_DEPENDENCIES, bin_cron_DEPENDENCIES)
| (bin_crontab_DEPENDENCIES): Use it.
| (guilesitegodir, pkgmodulegodir, pkgmodulego_DATA)
| (pkgscriptgodir, pkgscriptgo_DATA): New variables
| (pkgmodule_DATA): Remove compiled modules.
| (pkgscript_DATA): Delete.
| (DISTCLEANFILES, CLEANFILES): Update.
* build: Don't generate '.version' file. | Mathieu Lirzin | 2017-09-28 | 1 | -5/+0
| * Makefile.am (.version): Remove target which has no use.
| (EXTRA_DIST): Adapt.
| (BUILT_SOURCES): Delete.
| * .gitignore: Update.
* build: Rename variables for Guile install directories. | Mathieu Lirzin | 2017-09-28 | 1 | -9/+13
| * configure.ac (moduledir, mcronmoduledir): Rename to ...
| * Makefile.am (guilesitedir, pkgmoduledir): ... these.
| (dist_mcronmodule_DATA, mcronmodule_DATA, mcronscriptdir)
| (dist_mcronscript_DATA, mcronscript_DATA): Rename to ...
| (dist_pkgmodule_DATA, pkgmodule_DATA, pkgscriptdir, dist_pkgscript_DATA)
| (pkgscript_DATA): ... these.
| (modules): Adapt.
* build: Define PACKAGE_LOAD_COMPILED_PATH macro. | Mathieu Lirzin | 2017-09-27 | 1 | -1/+5
| * Makefile.am (AM_CPPFLAGS): Define PACKAGE_LOAD_COMPILED_PATH macro.
| * src/wrapper.c (main): Use it.
* wrapper: Avoid 'scm_c_eval_string' usage. | Mathieu Lirzin | 2017-09-27 | 1 | -2/+2
| * src/wrapper.c (wrap_env_path): New function.
| (main): Use it.
| (inner_main): Let 'wrap_env_path' set the environment variables. Don't use 'scm_c_eval_string' when calling 'main' procedure.
| * Makefile.am (AM_CPPFLAGS): Define _GNU_SOURCE for 'asprintf'.
* build: Use portable substitution references. | Mathieu Lirzin | 2016-12-28 | 1 | -6/+6
| * Makefile.am (bin_mcron_DEPENDENCIES, bin_cron_DEPENDENCIES)
| (bin_crontab_DEPENDENCIES, mcronmodule_DATA, mcronscript_DATA)
| (CLEANFILES): Use portable substitution references.
* build: Add "build-aux/guix.scm". | Mathieu Lirzin | 2016-12-28 | 1 | -0/+1
| * build-aux/guix.scm: New file.
| * Makefile.am (EXTRA_DIST): Add it.
* build: Move executable to "bin" directory. | Mathieu Lirzin | 2016-12-28 | 1 | -14/+14
| * Makefile.am (bin_PROGRAMS, sbin_PROGRAMS): Prepend "bin/" to every program.
| (mcron_SOURCES, mcron_CPPFLAGS, mcron_DEPENDENCIES): Rename to ...
| (bin_mcron_SOURCES, bin_mcron_CPPFLAGS, bin_mcron_DEPENDENCIES): ... this.
| (cron_SOURCES, cron_CPPFLAGS, cron_DEPENDENCIES): Rename to ...
| (bin_cron_SOURCES, bin_cron_CPPFLAGS, bin_cron_DEPENDENCIES): ... this.
| (crontab_SOURCES, crontab_CPPFLAGS, crontab_DEPENDENCIES): Rename to ...
| (bin_crontab_SOURCES, bin_crontab_CPPFLAGS, bin_crontab_DEPENDENCIES):
| ($(srcdir)/doc/cron.8, $(srcdir)/doc/crontab.1, $(srcdir)/doc/mcron.1): Update prerequisite.
| * build-aux/pre-inst-env.in (PATH): Use "bin" directory.
| * .gitignore: Update.
* maint: Generate version number. | Mathieu Lirzin | 2016-12-28 | 1 | -1/+9
| * build-aux/git-version-gen: New script.
| * configure.ac (AC_INIT): Use it.
| (AC_REQUIRE_AUX_FILE): Distribute it.
| * Makefile.am (.version): New target.
| (BUILT_SOURCES, EXTRA_DIST): Add it.
| (dist-hook): Generate ".tarball-version".
| * .gitignore: Update.
* build: Rename (mcron main) to (mcron utils). | Mathieu Lirzin | 2016-12-28 | 1 | -1/+1
| * src/mcron/main.scm: Rename to ...
| * src/mcron/utils.scm: ... this.
| * src/mcron/scripts/cron.scm: Adapt.
| * src/mcron/scripts/crontab.scm: Likewise.
| * src/mcron/scripts/mcron.scm: Likewise.
| * Makefile.am (dist_mcronmodule_DATA): Likewise.
* maint: Delete BUGS. | Mathieu Lirzin | 2016-12-28 | 1 | -1/+1
| * BUGS: Delete.
| * Makefile.am (EXTRA_DIST): Adapt.
| * README: Likewise.
* maint: Reformat copyright notices and copying permission statements. | Mathieu Lirzin | 2016-12-28 | 1 | -6/+7
|
* build: Rename 'mcron.c' to 'wrapper.c'. | Mathieu Lirzin | 2016-12-28 | 1 | -3/+3
| * src/mcron.c: Rename to ...
| * src/wrapper.c: ... this.
| * Makefile.am (mcron_SOURCES, cron_SOURCES, crontab_SOURCES): Adapt to it.
| * configure.ac (AC_CONFIG_SRCDIR): Likewise.
* build: Define PACKAGE_LOAD_PATH in Makefile. | Mathieu Lirzin | 2016-12-01 | 1 | -3/+4
| Previously PACKAGE_LOAD_PATH was set in config header which wasn't correctly expanded due to the presence of ${prefix} in ${moduledir}. Let 'make' handle the expansion.
|
| * Makefile.am (AM_CPPFLAGS): New variable.
| (cron_CPPFLAGS, crontab_CPPFLAGS, mcron_CPPFLAGS): Use it.
| * configure.ac (PACKAGE_LOAD_PATH): Undefine it.
| (AC_CONFIG_HEADER): Remove macro.
| * src/mcron.c: Adapt to it.
* build: Silence 'guild compile' output. | Mathieu Lirzin | 2016-12-01 | 1 | -1/+5
| * Makefile.am (devnull_verbose, devnull_verbose_, devnull_verbose_0): New variables
| (.scm.go): Use $(devnull_verbose).
* build: Use Automake warnings. | Mathieu Lirzin | 2016-12-01 | 1 | -4/+4
| * configure.ac (AM_INIT_AUTOMAKE): Add more warnings.
| * Makefile.am (AM_V_GUILEC, AM_V_GUILEC_, AM_V_GUILEC_0): Rename to ...
| (guilec_verbose, guilec_verbose_, guilec_verbose_0): ... these. Make them more portable. This follows an example from Automake manual.
* doc: Generate a man page for every program. | Mathieu Lirzin | 2016-12-01 | 1 | -12/+25
| * Makefile.am (dist_man_MANS): Add 'cron' and 'crontab' man page. Generate man pages in $(srcdir).
| (MAINTAINERCLEANFILES, gen_man): New variables.
| (AM_V_HELP2MAN, AM_V_HELP2MAN_, AM_V_HELP2MAN_0): Delete unneeded variables.
| ($(srcdir)/doc/crontab.1, $(srcdir)/doc/cron.8): New targets.
| (doc/mcron.1): Rename to ...
| ($(srcdir)/doc/mcron.1)): ... this.
* environment: modify-environment: Add tests. | Mathieu Lirzin | 2016-12-01 | 1 | -1/+3
| * tests/environment.scm: New test.
| * Makefile.am (TESTS): Add it.
* job-specifier: range: Add tests. | Mathieu Lirzin | 2016-12-01 | 1 | -1/+10
| * build-aux/test-driver.scm: New script.
| * configure.ac (AC_REQUIRE_AUX_FILE): Add it.
| * tests/job-specifier.scm: New test.
| * Makefile.am (TEST_EXTENSIONS, AM_TESTS_ENVIRONMENT, SCM_LOG_DRIVER)
| (TESTS): New variables.
| (EXTRA_DIST): Update.
| * .gitignore: Likewise.
* build: Fix prerequisite for mcron man page. | Mathieu Lirzin | 2016-12-01 | 1 | -1/+1
| * Makefile.am (doc/mcron.1): Depend on the Guile script instead of the C wrapper.
* all: Separate programs in different executables. | Mathieu Lirzin | 2016-12-01 | 1 | -9/+30
| This improves readability and complies with the GNU Coding Standards by making the behavior of the programs independent of the name used to invoke them.
|
| * src/mcron/scripts/cron.scm: New file.
| * src/mcron/scripts/crontab.scm: Likewise.
| * src/mcron/scripts/mcron.scm: Likewise.
| * Makefile.am (dist_mcronmodule_DATA): Remove 'src/mcron/crontab.scm'.
| (bin_PROGRAMS): Add 'crontab'.
| (sbin_PROGRAMS): Add 'cron'.
| (mcron_CFLAGS, mcron_LDADD): Rename to ...
| (AM_CFLAGS, LDADD): ... these.
| (cron_SOURCES, cron_CPPFLAGS, cron_DEPENDENCIES)
| (crontab_SOURCES, crontab_CPPFLAGS, crontab_DEPENDENCIES)
| (mcron_CPPFLAGS, mcronscriptdir, dist_mcronscript_DATA): New variables.
| (modules): Redefine it in terms of other '_DATA' variables.
| * src/mcron/crontab.scm: Remove file.
| * src/mcron/main.scm (parse-args): New procedure.
| (command-name, command-type, options): Remove.
| (show-version): Adapt.
| (show-help, process-files-in-system-directory, cron-file-descriptors)
| (main, process-user-file, process-files-in-user-directory): Move procedures in the new files.
| * src/mcron.c (inner_main): Define the current module at compile time.
| * TODO: Update.
| * .gitignore: Likewise.