From 48b8d47ca245a7837af593f14e688ee04720f68a Mon Sep 17 00:00:00 2001 From: ulfvonbelow Date: Thu, 2 Feb 2023 19:29:49 +0000 Subject: Makefile.am: don't install cron as setuid. Setuid scripts are disabled on most systems anyway. Also cron refuses to run if the real user id isn't 0, so there's no point in it being setuid anyway. Also also, no attempt at controlling the environment has been made, so even if the symlink race conditions that make setuid scripts vulnerable were resolved, it would still be unsafe. --- Makefile.am | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 09a0d6d..a9ef5a9 100755 --- a/Makefile.am +++ b/Makefile.am @@ -168,8 +168,7 @@ install-exec-hook: if MULTI_USER tcrontab=`echo crontab | sed '$(transform_exe)'`; \ chmod u+s $(DESTDIR)$(bindir)/$${tcrontab} - tcron=`echo cron | sed '$(transform_exe)'`; \ - chmod u+s $(DESTDIR)$(sbindir)/$${tcron} + tcron=`echo cron | sed '$(transform_exe)'`; endif tmcron=`echo mcron | sed '$(transform_exe)'`; -- cgit v1.2.3