[PATCH 5/5] crontab-access: replace with wrapper, rename to crontab-acce

bug-mcron

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 5/5] crontab-access: replace with wrapper, rename to crontab-acce

From:	ulfvonbelow
Subject:	[PATCH 5/5] crontab-access: replace with wrapper, rename to crontab-access-real.
Date:	Thu, 2 Feb 2023 19:29:52 +0000

The wrapper has two purposes:
1. Not being a script, thereby eliminating the issues with setuid scripts.
2. Purging the environment. crontab-access-real has no need for any
   environment variables to do its work, so to prevent tampering with dynamic
   linker, libc, or guile, we may as well just unset them all.

This wrapper does introduce a requirement for a C compiler. Ideally it would
be conditional based on whether the wrapper is even going to be built, but
autoconf doesn't like that one bit. Someone with more experience with
autotools should sort that out. In the meantime I guess anyone wanting to
build without a C compiler being present is going to have to edit configure.ac
and re-run bootstrap.

* src/crontab-access.in: renamed to src/crontab-access-real.in
* src/crontab-access.c.in: new file, wrapper for crontab-access-real.
* Makefile.am: inform about crontab-access.c.in and name change to
  crontab-access-real. Put crontab-access-real in libexecdir.
---
 Makefile.am                                   | 19 ++++++++++++++++---
 configure.ac                                  |  8 ++++++++
 ...ontab-access.in => crontab-access-real.in} |  0
 src/crontab-access.c.in                       | 10 ++++++++++
 4 files changed, 34 insertions(+), 3 deletions(-)
 rename src/{crontab-access.in => crontab-access-real.in} (100%)
 create mode 100644 src/crontab-access.c.in

diff --git a/Makefile.am b/Makefile.am
index 4aff2ae..2a87d72 100755
--- a/Makefile.am
+++ b/Makefile.am
@@ -26,11 +26,18 @@ noinst_SCRIPTS =
 
 if MULTI_USER
 bin_SCRIPTS += bin/crontab
-sbin_SCRIPTS = bin/cron bin/crontab-access
+sbin_SCRIPTS = bin/cron
+libexec_SCRIPTS = bin/crontab-access-real
+sbin_PROGRAMS = bin/crontab-access
 else
-noinst_SCRIPTS += bin/cron bin/crontab bin/crontab-access
+noinst_SCRIPTS += bin/cron bin/crontab bin/crontab-access-real
+noinst_PROGRAMS = bin/crontab-access
 endif
 
+# The dynamic linker should detect that it's being run for a setuid program,
+# but we take no chances.
+bin_crontab_access_LDFLAGS = -static
+
 # wrapper to be used in the build environment and for running tests.
 noinst_SCRIPTS += pre-inst-env
 
@@ -81,6 +88,8 @@ compiled_modules = \
 CLEANFILES = $(compiled_modules) \
        bin/crontab \
        bin/crontab-access \
+       src/crontab-access.c \
+       bin/crontab-access-real \
         bin/cron \
        bin/mcron
 DISTCLEANFILES = src/mcron/config.scm
@@ -123,6 +132,9 @@ do_subst = sed      -e 's,%PREFIX%,${prefix},g'             
                \
 src/mcron/config.scm: src/mcron/config.scm.in Makefile
        $(AM_V_GEN)$(do_subst) $< > $@
 
+src/crontab-access.c: src/crontab-access.c.in Makefile
+       $(AM_V_GEN)$(do_subst) $< > $@
+
 bin/% : src/%.in Makefile
        $(AM_V_GEN)$(MKDIR_P) bin ; \
          $(do_subst) $< > $@ ; \
@@ -163,7 +175,8 @@ EXTRA_DIST = \
   HACKING \
   src/cron.in \
   src/crontab.in \
-  src/crontab-access.in \
+  src/crontab-access-real.in \
+  src/crontab-access.c.in \
   src/mcron.in \
   tests/init.sh \
   $(TESTS)
diff --git a/configure.ac b/configure.ac
index 7ea532f..b79e3c3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,6 +65,14 @@ AC_ARG_ENABLE([multi-user],
     [Don't Install legacy cron and crontab programs])],
   [enable_multi_user="$enableval"],
   [enable_multi_user="yes"])
+
+dnl Not possible to run this conditionally?
+AC_PROG_CC
+dnl AS_IF([test "x$enable_multi_user" = xyes],
+dnl   [# Need a C compiler to compile setuid wrapper
+dnl   AC_PROG_CC]
+dnl fi
+
 AM_CONDITIONAL([MULTI_USER], [test "x$enable_multi_user" = xyes])
 
 # Configure the various files that mcron uses at runtime.
diff --git a/src/crontab-access.in b/src/crontab-access-real.in
similarity index 100%
rename from src/crontab-access.in
rename to src/crontab-access-real.in
diff --git a/src/crontab-access.c.in b/src/crontab-access.c.in
new file mode 100644
index 0000000..652b9cc
--- /dev/null
+++ b/src/crontab-access.c.in
@@ -0,0 +1,10 @@
+#include <unistd.h>
+
+int main(int argc, char **argv)
+{
+  char *envp = NULL;
+  execve("%libexecdir%/crontab-access-real",
+         argv, &envp);
+  /* Should not get here! */
+  return 1;
+}
-- 
2.38.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/5] Make vixie cron mode actually work, and work safely, ulfvonbelow, 2023/02/02
- [PATCH 2/5] Makefile.am: don't install cron as setuid., ulfvonbelow, 2023/02/02
- [PATCH 4/5] crontab: split into crontab and setuid helper crontab-access., ulfvonbelow, 2023/02/02
- [PATCH 5/5] crontab-access: replace with wrapper, rename to crontab-access-real., ulfvonbelow <=
- [PATCH 1/5] cron: use signal numbers instead of symbols., ulfvonbelow, 2023/02/02
- [PATCH 3/5] config.scm.in: rename to config.scm.in.in, substitute from Makefile., ulfvonbelow, 2023/02/02

Prev by Date: [PATCH 4/5] crontab: split into crontab and setuid helper crontab-access.
Next by Date: [PATCH 0/5] Make vixie cron mode actually work, and work safely
Previous by thread: [PATCH 4/5] crontab: split into crontab and setuid helper crontab-access.
Next by thread: [PATCH 1/5] cron: use signal numbers instead of symbols.
Index(es):
- Date
- Thread