nixpkgs/pkgs/tools/system/cron/default.nix
Christian Kauhaus 0c0f068f35
cron: fix crontab(5) and cron job PATH
Switch off HAVE_SAVED_UIDS since it activates a code path for temporary
privilege dropping which does not work on NixOS.

Vixie-cron's sources ship with two implementations. Unfortunately, the
one activated by HAVE_SAVED_UIDS (using setuid()) does not work on
NixOS. Saved UIDs work only if the program which is using them has the
setuid bit set on its own executable, not if called from a setuid
wrapper (as we do it in NixOS). The other implementation (using
setreuid()) works without problems.

Quote from
<http://stackoverflow.com/questions/8499296/realuid-saved-uid-effective-uid-whats-going-on>:

    If your euid is root and you change the uid, the privileges get
    dropped permanently. If effective user id is not root then saved user
    id is never touched and you can regain the root privilege back
    anytime you want in your program.

Also extend the default PATH with NixOS-specific bin directories as
vixie-cron's default is not really usable on NixOS.

Re #16518

Closes #16522
2016-07-02 00:09:07 +02:00

38 lines
1.3 KiB
Nix

{stdenv, fetchurl, sendmailPath ? "/usr/sbin/sendmail"}:

stdenv.mkDerivation {
  name = "cron-4.1";

  src = fetchurl {
    url = ftp://ftp.isc.org/isc/cron/cron_4.1.shar;
    sha256 = "16n3dras4b1jh7g958nz1k54pl9pg5fwb3fvjln8z67varvq6if4";
  };

  unpackCmd = "(mkdir cron && cd cron && sh $curSrc)";

  preBuild = ''
    substituteInPlace Makefile --replace ' -o root' ' ' --replace 111 755
    makeFlags="DESTROOT=$out"

    # We want to ignore the $glibc/include/paths.h definition of
    # sendmail path.
    # Also set a usable default PATH (#16518).
    cat >> pathnames.h <<__EOT__
    #undef _PATH_SENDMAIL
    #define _PATH_SENDMAIL "${sendmailPath}"
    #undef _PATH_DEFPATH
    #define _PATH_DEFPATH "/var/setuid-wrappers:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/run/current-system/sw/bin:/run/current-system/sw/sbin:/usr/bin:/bin"
    __EOT__

    # Implicit saved uids do not work here due to the way NixOS uses setuid wrappers
    # (#16518).
    echo "#undef HAVE_SAVED_UIDS" >> externs.h
  '';

  preInstall = "mkdir -p $out/bin $out/sbin $out/share/man/man1 $out/share/man/man5 $out/share/man/man8";

  meta = {
    description = "Daemon for running commands at specific times (Vixie Cron)";
    platforms = stdenv.lib.platforms.linux;
  };
}
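
The UID rules the commit message relies on, as an added example that is neither vixie-cron's nor nixpkgs' code: a simplified model of Linux `setuid()`, `seteuid()` and `setreuid()` that shows why `setuid()` under euid root is a permanent drop while the `setreuid()` swap can be undone. `struct cred`, the `m_*` helpers and uid 1000 are constructed for illustration; "privileged" is assumed to mean euid 0, and capabilities are not modelled.

```c
#include <stdio.h>
#include <sys/types.h>
/* Simplified model of the Linux rules: "privileged" means euid == 0.
 * Capabilities, fsuid and the -1 ("leave unchanged") argument are ignored. */
struct cred { uid_t r, e, s; };            /* real, effective, saved UID */

static int privileged(const struct cred *c) { return c->e == 0; }

/* setuid(2): a privileged caller overwrites all three IDs at once. */
int m_setuid(struct cred *c, uid_t u) {
    if (privileged(c)) { c->r = c->e = c->s = u; return 0; }
    if (u != c->r && u != c->s) return -1;  /* EPERM */
    c->e = u;
    return 0;
}

/* seteuid(2): only the effective ID changes, the saved ID is kept. */
int m_seteuid(struct cred *c, uid_t u) {
    if (!privileged(c) && u != c->r && u != c->e && u != c->s) return -1;
    c->e = u;
    return 0;
}

/* setreuid(2): when the real ID is set, saved becomes the new effective. */
int m_setreuid(struct cred *c, uid_t nr, uid_t ne) {
    if (!privileged(c)) {
        if (nr != c->r && nr != c->e) return -1;
        if (ne != c->r && ne != c->e && ne != c->s) return -1;
    }
    c->r = nr; c->e = ne; c->s = ne;
    return 0;
}

/* Exchange real and effective UID; calling it twice restores the start. */
int m_swap(struct cred *c) { return m_setreuid(c, c->e, c->r); }

static void show(const char *what, const struct cred *c, int rc) {
    printf("%-22s rc=%2d  r/e/s = %u/%u/%u\n", what, rc,
           (unsigned)c->r, (unsigned)c->e, (unsigned)c->s);
}
int main(void) {
    /* Constructed start state: setuid-root program started by uid 1000. */
    struct cred a = {1000, 0, 0}, b = a, c = a;
    show("setuid(1000)", &a, m_setuid(&a, 1000));
    show("setuid(0) afterwards", &a, m_setuid(&a, 0));
    show("seteuid(1000)", &c, m_seteuid(&c, 1000));
    show("setreuid swap", &b, m_swap(&b));
    show("setreuid swap back", &b, m_swap(&b));
}
```

On a real system the same three IDs can be read with `getresuid()` before and after each call to check a build against this model.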