[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 2/5] Makefile.am: don't install cron as setuid.
From: |
ulfvonbelow |
Subject: |
[PATCH 2/5] Makefile.am: don't install cron as setuid. |
Date: |
Thu, 2 Feb 2023 19:29:49 +0000 |
Setuid scripts are disabled on most systems anyway. Also cron refuses to run
if the real user id isn't 0, so there's no point in it being setuid
anyway. Also also, no attempt at controlling the environment has been made, so
even if the symlink race conditions that make setuid scripts vulnerable were
resolved, it would still be unsafe.
---
Makefile.am | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 09a0d6d..a9ef5a9 100755
--- a/Makefile.am
+++ b/Makefile.am
@@ -168,8 +168,7 @@ install-exec-hook:
if MULTI_USER
tcrontab=`echo crontab | sed '$(transform_exe)'`; \
chmod u+s $(DESTDIR)$(bindir)/$${tcrontab}
- tcron=`echo cron | sed '$(transform_exe)'`; \
- chmod u+s $(DESTDIR)$(sbindir)/$${tcron}
+ tcron=`echo cron | sed '$(transform_exe)'`;
endif
tmcron=`echo mcron | sed '$(transform_exe)'`;
--
2.38.1
- [PATCH 0/5] Make vixie cron mode actually work, and work safely, ulfvonbelow, 2023/02/02
- [PATCH 2/5] Makefile.am: don't install cron as setuid.,
ulfvonbelow <=
- [PATCH 4/5] crontab: split into crontab and setuid helper crontab-access., ulfvonbelow, 2023/02/02
- [PATCH 5/5] crontab-access: replace with wrapper, rename to crontab-access-real., ulfvonbelow, 2023/02/02
- [PATCH 1/5] cron: use signal numbers instead of symbols., ulfvonbelow, 2023/02/02
- [PATCH 3/5] config.scm.in: rename to config.scm.in.in, substitute from Makefile., ulfvonbelow, 2023/02/02