From c7ecdb0fcbcdbdd4d7222a2b692b3fd3681a5a47 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Wed, 27 Jan 2010 22:36:27 +0100
Subject: maint: add a syntax-check rule to check for vulnerable Makefile.in

* cfg.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
---
 cfg.mk | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/cfg.mk b/cfg.mk
index b5a21c3fc..6fc10ee2a 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -246,6 +246,19 @@ sc_prohibit_sleep:
 	msg='prefer xnanosleep over other sleep interfaces'		\
 	  $(_prohibit_regexp)
 
+sc_vulnerable_makefile_CVE-2009-4029:
+	@files=$$(find $(srcdir) -name Makefile.in);			\
+	if test -n "$$files"; then					\
+	  grep -E							\
+	    'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)'	\
+	    $$files &&							\
+	  { echo '$(ME): the above files are vulnerable; beware of'	\
+	    'running "make dist*" rules, and upgrade to fixed automake'	\
+	    'see http://bugzilla.redhat.com/542609 for details'		\
+		1>&2; exit 1; } || :;					\
+	else :;								\
+	fi
+
 include $(srcdir)/dist-check.mk
 
 update-copyright-env = \
-- 
cgit v1.2.3-54-g00ecf