diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-08-02 22:40:49 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-08-02 22:40:49 +0000 |
commit | 89a7f2efe415a75eb8e9f88d3363ac9a91c21381 (patch) | |
tree | 5fde34c7709c47df76a569c3b9729eba2bf3ac53 | |
parent | 80555de4b9c56845e6ff1aece858f2f0d981b54e (diff) |
o Instead of passing "*system*" as the fname to process_crontab()
for the system crontab file, pass a NULL pointer instead. This
prevents someone from creating a "*system*" file in the tabs directory
that acts as an alternate root crontab.
o Fix the check for tab file ownership. This really only affected
the system crontab file, which must not be owned by root.
deraadt@ OK
-rw-r--r-- | usr.sbin/cron/database.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/usr.sbin/cron/database.c b/usr.sbin/cron/database.c index fca3d81225c..3a30ae75e1b 100644 --- a/usr.sbin/cron/database.c +++ b/usr.sbin/cron/database.c @@ -1,4 +1,4 @@ -/* $OpenBSD: database.c,v 1.7 2002/07/08 18:11:02 millert Exp $ */ +/* $OpenBSD: database.c,v 1.8 2002/08/02 22:40:48 millert Exp $ */ /* Copyright 1988,1990,1993,1994 by Paul Vixie * All rights reserved */ @@ -21,7 +21,7 @@ */ #if !defined(lint) && !defined(LINT) -static char const rcsid[] = "$OpenBSD: database.c,v 1.7 2002/07/08 18:11:02 millert Exp $"; +static char const rcsid[] = "$OpenBSD: database.c,v 1.8 2002/08/02 22:40:48 millert Exp $"; #endif /* vix 26jan87 [RCS has the log] @@ -81,8 +81,7 @@ load_database(cron_db *old_db) { new_db.head = new_db.tail = NULL; if (syscron_stat.st_mtime) { - process_crontab("root", "*system*", - SYSCRONTAB, &syscron_stat, + process_crontab("root", NULL, SYSCRONTAB, &syscron_stat, &new_db, old_db); } @@ -183,7 +182,11 @@ process_crontab(const char *uname, const char *fname, const char *tabname, int crontab_fd = OK - 1; user *u; - if (strcmp(fname, "*system*") != 0 && !(pw = getpwnam(uname))) { + if (fname == NULL) { + /* must be set to something. + */ + fname = "*system*"; + } else if ((pw = getpwnam(uname)) == NULL) { /* file doesn't have a user in passwd file. */ log_it(fname, getpid(), "ORPHAN", "no passwd entry"); @@ -209,7 +212,7 @@ process_crontab(const char *uname, const char *fname, const char *tabname, log_it(fname, getpid(), "BAD FILE MODE", tabname); goto next_crontab; } - if (statbuf->st_uid != 0 && pw && statbuf->st_uid != pw->pw_uid) { + if (statbuf->st_uid != 0 && (!pw || statbuf->st_uid != pw->pw_uid)) { log_it(fname, getpid(), "WRONG FILE OWNER", tabname); goto next_crontab; } |