authorJim Meyering <meyering@redhat.com>2010-01-27 22:36:27 +0100
committerJim Meyering <meyering@redhat.com>2010-01-27 22:41:33 +0100
commitc7ecdb0fcbcdbdd4d7222a2b692b3fd3681a5a47 (patch)
tree12e2820c1d63eb8d05ef985bb7d8e0097f8558db
parentaad0bde0b5aa6ccf2714f43676d4941f820c6283 (diff)
maint: add a syntax-check rule to check for vulnerable Makefile.in
* cfg.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
-rw-r--r--cfg.mk13
1 files changed, 13 insertions, 0 deletions
diff --git a/cfg.mk b/cfg.mk
index b5a21c3fc..6fc10ee2a 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -246,6 +246,19 @@ sc_prohibit_sleep:
msg='prefer xnanosleep over other sleep interfaces' \
$(_prohibit_regexp)
+sc_vulnerable_makefile_CVE-2009-4029:
+ @files=$$(find $(srcdir) -name Makefile.in); \
+ if test -n "$$files"; then \
+ grep -E \
+ 'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
+ $$files && \
+ { echo '$(ME): the above files are vulnerable; beware of' \
+ 'running "make dist*" rules, and upgrade to fixed automake' \
+ 'see http://bugzilla.redhat.com/542609 for details' \
+ 1>&2; exit 1; } || :; \
+ else :; \
+ fi
+
include $(srcdir)/dist-check.mk
update-copyright-env = \
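Review bot: The `|| :` that closes the grep list makes this check fail open: grep's exit status 2 (an unreadable Makefile.in, or a mangled argument if a path in the unquoted `$$files` contains whitespace) is handled the same as status 1, so the rule succeeds without the files having been scanned. For a rule whose purpose is to catch the CVE-2009-4029 dist rules, an unscanned tree should fail rather than pass, so branch on grep's status and let only 1 mean clean. Passing `/dev/null` as an extra operand also keeps the file name in grep's output when find returns a single Makefile.in, which the "above files" message relies on. The status of a failing `find` is likewise discarded by the `;` after the assignment.

```make
	  grep -E							\
	    'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)'	\
	    /dev/null $$files;						\
	  case $$? in							\
	    0) # … unchanged: the "files are vulnerable" echo to stderr …
	       exit 1;;							\
	    1) ;;							\
	    *) echo '$(ME): grep failed; Makefile.in files not checked'	\
		 1>&2; exit 1;;						\
	  esac;								\
```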