maint: add a syntax-check rule to check for vulnerable Makefile.in

author Jim Meyering <meyering@redhat.com>

Wed, 27 Jan 2010 21:36:27 +0000 (22:36 +0100)

committer Jim Meyering <meyering@redhat.com>

Wed, 27 Jan 2010 21:41:33 +0000 (22:41 +0100)
author Jim Meyering <meyering@redhat.com>
Wed, 27 Jan 2010 21:36:27 +0000 (22:36 +0100)
committer Jim Meyering <meyering@redhat.com>
Wed, 27 Jan 2010 21:41:33 +0000 (22:41 +0100)
diff --git a/cfg.mk b/cfg.mk

index b5a21c3fcba0e585fde8df3fa4b48f40ce285ce7..6fc10ee2a25dc7f063b9567ac1f106e1f168ac59 100644 (file)
--- a/cfg.mk
+++ b/cfg.mk
@@ -246,6 +246,19 @@ sc_prohibit_sleep:
         msg='prefer xnanosleep over other sleep interfaces'             \
           $(_prohibit_regexp)
  
+sc_vulnerable_makefile_CVE-2009-4029:
+       @files=$$(find $(srcdir) -name Makefile.in);                    \
+       if test -n "$$files"; then                                      \
+         grep -E                                                       \
+           'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)'     \
+           $$files &&                                                  \
+         { echo '$(ME): the above files are vulnerable; beware of'     \
+           'running "make dist*" rules, and upgrade to fixed automake' \
+           'see http://bugzilla.redhat.com/542609 for details'         \
+               1>&2; exit 1; } || :;                                   \
+       else :;                                                         \
+       fi
+
  include $(srcdir)/dist-check.mk
  
  update-copyright-env = \
author	Jim Meyering <meyering@redhat.com>
	Wed, 27 Jan 2010 21:36:27 +0000 (22:36 +0100)
committer	Jim Meyering <meyering@redhat.com>
	Wed, 27 Jan 2010 21:41:33 +0000 (22:41 +0100)