authorTodd C. Miller <millert@cvs.openbsd.org>2002-08-02 22:40:49 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2002-08-02 22:40:49 +0000
commit89a7f2efe415a75eb8e9f88d3363ac9a91c21381 (patch)
tree5fde34c7709c47df76a569c3b9729eba2bf3ac53
parent80555de4b9c56845e6ff1aece858f2f0d981b54e (diff)
o Instead of passing "*system*" as the fname to process_crontab()
  for the system crontab file, pass a NULL pointer instead. This prevents
  someone from creating a "*system*" file in the tabs directory that acts
  as an alternate root crontab.
o Fix the check for tab file ownership. This really only affected the
  system crontab file, which must not be owned by root.
deraadt@ OK
-rw-r--r--usr.sbin/cron/database.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/usr.sbin/cron/database.c b/usr.sbin/cron/database.c
index fca3d81225c..3a30ae75e1b 100644
--- a/usr.sbin/cron/database.c
+++ b/usr.sbin/cron/database.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: database.c,v 1.7 2002/07/08 18:11:02 millert Exp $ */
+/* $OpenBSD: database.c,v 1.8 2002/08/02 22:40:48 millert Exp $ */
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* All rights reserved
*/
@@ -21,7 +21,7 @@
*/
#if !defined(lint) && !defined(LINT)
-static char const rcsid[] = "$OpenBSD: database.c,v 1.7 2002/07/08 18:11:02 millert Exp $";
+static char const rcsid[] = "$OpenBSD: database.c,v 1.8 2002/08/02 22:40:48 millert Exp $";
#endif
/* vix 26jan87 [RCS has the log]
@@ -81,8 +81,7 @@ load_database(cron_db *old_db) {
new_db.head = new_db.tail = NULL;
if (syscron_stat.st_mtime) {
- process_crontab("root", "*system*",
- SYSCRONTAB, &syscron_stat,
+ process_crontab("root", NULL, SYSCRONTAB, &syscron_stat,
&new_db, old_db);
}
@@ -183,7 +182,11 @@ process_crontab(const char *uname, const char *fname, const char *tabname,
int crontab_fd = OK - 1;
user *u;
- if (strcmp(fname, "*system*") != 0 && !(pw = getpwnam(uname))) {
+ if (fname == NULL) {
+ /* must be set to something.
+ */
+ fname = "*system*";
+ } else if ((pw = getpwnam(uname)) == NULL) {
/* file doesn't have a user in passwd file.
*/
log_it(fname, getpid(), "ORPHAN", "no passwd entry");
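Review bot: The new `if (fname == NULL)` branch makes a NULL `fname` the marker for the system crontab, but the only comment, `must be set to something`, records neither that contract nor why the placeholder is needed. I would replace it with `/* NULL fname marks the system crontab: skip the passwd lookup; "*system*" is only a display name */` and state the same contract in the function's header comment, which is outside this hunk. Presumably the caller that scans the tabs directory always passes the directory entry name and never NULL; that is worth stating there too, since the safety of the out-of-band sentinel depends on it. The body of process_crontab continues past the end of this hunk.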
@@ -209,7 +212,7 @@ process_crontab(const char *uname, const char *fname, const char *tabname,
log_it(fname, getpid(), "BAD FILE MODE", tabname);
goto next_crontab;
}
- if (statbuf->st_uid != 0 && pw && statbuf->st_uid != pw->pw_uid) {
+ if (statbuf->st_uid != 0 && (!pw || statbuf->st_uid != pw->pw_uid)) {
log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
goto next_crontab;
}
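Review bot: The rewritten owner check `(!pw || statbuf->st_uid != pw->pw_uid)` is only correct if `pw` is NULL whenever getpwnam() was not called, which is now the case for the system crontab. The declaration of `pw` is outside the visible hunks, so please confirm it reads `struct passwd *pw = NULL;`; an uninitialised pointer here would make the ownership decision depend on stack contents. A short comment above the test would also help, for example `/* root-owned tabs always pass; otherwise the owner must match the passwd entry, and the system crontab (pw == NULL) must be root-owned */`. The enclosing function starts and ends outside this hunk.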