/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2016-03-17 20:40:55 UTC
  • Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2.  This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
  allocating new_argv.  Also tolerate a zero-length argv.

Show diffs side-by-side

added added

removed removed

Lines of Context:
Makefile
10
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
        -Wvolatile-register-var -Woverlength-strings
13
 
#DEBUG=-ggdb3 -fsanitize=address 
 
13
#DEBUG=-ggdb3
14
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
15
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
16
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
17
17
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
18
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
 
18
ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \
19
19
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
20
20
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
21
21
        -fsanitize=return -fsanitize=signed-integer-overflow \
40
40
OPTIMIZE=-Os -fno-strict-aliasing
41
41
LANGUAGE=-std=gnu11
42
42
htmldir=man
43
 
version=1.7.15
 
43
version=1.7.6
44
44
SED=sed
45
45
 
46
46
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
75
75
##
76
76
 
77
77
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
78
 
TMPFILES=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
79
78
 
80
79
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
81
80
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
283
282
run-client: all keydir/seckey.txt keydir/pubkey.txt
284
283
        @echo "###################################################################"
285
284
        @echo "# The following error messages are harmless and can be safely     #"
286
 
        @echo "# ignored:                                                        #"
 
285
        @echo "# ignored.  The messages are caused by not running as root, but   #"
 
286
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
 
287
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
287
288
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
288
289
        @echo "#                     setuid: Operation not permitted             #"
289
290
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
290
291
        @echo "# From mandos-client:                                             #"
291
292
        @echo "#             Failed to raise privileges: Operation not permitted #"
292
293
        @echo "#             Warning: network hook \"*\" exited with status *      #"
293
 
        @echo "#                                                                 #"
294
 
        @echo "# (The messages are caused by not running as root, but you should #"
295
 
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
296
 
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
297
294
        @echo "###################################################################"
298
295
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
299
296
        ./plugin-runner --plugin-dir=plugins.d \
340
337
        elif install --directory --mode=u=rwx $(STATEDIR); then \
341
338
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
342
339
        fi
343
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
344
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
345
 
                        $(TMPFILES)/mandos.conf; \
346
 
        fi
347
340
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
348
341
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
349
342
                mandos-ctl
385
378
                $(LIBDIR)/mandos/plugin-helpers
386
379
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
387
380
                install --mode=u=rwx \
388
 
                        --directory "$(CONFDIR)/plugins.d" \
389
 
                        "$(CONFDIR)/plugin-helpers"; \
 
381
                        --directory "$(CONFDIR)/plugins.d"; \
 
382
                install --directory "$(CONFDIR)/plugin-helpers"; \
390
383
        fi
391
384
        install --mode=u=rwx,go=rx --directory \
392
385
                "$(CONFDIR)/network-hooks.d"
412
405
        install --mode=u=rwxs,go=rx \
413
406
                --target-directory=$(LIBDIR)/mandos/plugins.d \
414
407
                plugins.d/plymouth
415
 
        install --mode=u=rwx,go=rx \
 
408
        install --mode=u=rwxs,go=rx \
416
409
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
417
410
                plugin-helpers/mandos-client-iprouteadddel
418
411
        install initramfs-tools-hook \