>From 747ae47c53b1f312371730da27bb27732748ac0c Mon Sep 17 00:00:00 2001
From: Michael Shigorin <mike@altlinux.org>
Date: Wed, 5 Mar 2014 21:20:50 +0400
Subject: [PATCH 1/6] [sec] lib/functions.mk: ifdef vars before exporting

xport() would happily yield an _empty_ GLOBAL_VAR
when told to export an _undefined_ VAR by name.

This may result in a security problem when using deflogin feature:
- one can use/deflogin to configure user passwords but not root one;
- ROOTPW is unset (undefined) then but still marked for export;
- distcfg.mk gets "export GLOBAL_ROOTPW = $(ROOTPW)";
- 50-root script hook carefully checks for _unset_ variable
  but it's been _set_ to empty due to the implementation;
- thus empty root password is set instead of not setting it at all
  opening up the system to local unauthorized access
  or local privilege escalation.

Wonder if make-3.82+ behaves differently when setting a variable
to an unset one... it's not the 'undefine' directive in the NEWS.
I must be careful at any rate though.
---
 lib/functions.mk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/functions.mk b/lib/functions.mk
index 6a3f38c..4364a46 100644
--- a/lib/functions.mk
+++ b/lib/functions.mk
@@ -41,7 +41,8 @@ xport = $(and $(1),$(xport_body))
 define xport_body
 { $(log_body); \
 v='$(1:GLOBAL_%=%)'; \
-printf 'export GLOBAL_%s = $$(%s)\n' "$$v" "$$v" >> "$(CONFIG)"; }
+printf 'ifdef %s\nexport GLOBAL_%s = $$(%s)\nendif\n' "$$v" "$$v" "$$v" \
+	>> "$(CONFIG)"; }
 endef
 
 # if the rule being executed isn't logged yet, log it
-- 
1.8.3.4