diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-08-04 22:10:25 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-08-04 22:10:25 +0000 |
commit | 8985e75974a36706c74570a928ed3cf237ebc5a9 (patch) | |
tree | 9a585a5f185393bf6ac06a7fba9d0da0bad6a24b /usr.sbin | |
parent | 23c9f0d208459e8d55a1247aad85e8f6714bae83 (diff) |
Extra paranoia -- check that pw_name matches the crontab user's name.
Should not really be needed since we do uid checks but it can't hurt.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/cron/database.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/usr.sbin/cron/database.c b/usr.sbin/cron/database.c index 3a30ae75e1b..9e58b2e9f2c 100644 --- a/usr.sbin/cron/database.c +++ b/usr.sbin/cron/database.c @@ -1,4 +1,4 @@ -/* $OpenBSD: database.c,v 1.8 2002/08/02 22:40:48 millert Exp $ */ +/* $OpenBSD: database.c,v 1.9 2002/08/04 22:10:24 millert Exp $ */ /* Copyright 1988,1990,1993,1994 by Paul Vixie * All rights reserved */ @@ -21,7 +21,7 @@ */ #if !defined(lint) && !defined(LINT) -static char const rcsid[] = "$OpenBSD: database.c,v 1.8 2002/08/02 22:40:48 millert Exp $"; +static char const rcsid[] = "$OpenBSD: database.c,v 1.9 2002/08/04 22:10:24 millert Exp $"; #endif /* vix 26jan87 [RCS has the log] @@ -81,7 +81,7 @@ load_database(cron_db *old_db) { new_db.head = new_db.tail = NULL; if (syscron_stat.st_mtime) { - process_crontab("root", NULL, SYSCRONTAB, &syscron_stat, + process_crontab(ROOT_USER, NULL, SYSCRONTAB, &syscron_stat, &new_db, old_db); } @@ -183,7 +183,7 @@ process_crontab(const char *uname, const char *fname, const char *tabname, user *u; if (fname == NULL) { - /* must be set to something. + /* must be set to something for logging purposes. */ fname = "*system*"; } else if ((pw = getpwnam(uname)) == NULL) { @@ -212,7 +212,8 @@ process_crontab(const char *uname, const char *fname, const char *tabname, log_it(fname, getpid(), "BAD FILE MODE", tabname); goto next_crontab; } - if (statbuf->st_uid != 0 && (!pw || statbuf->st_uid != pw->pw_uid)) { + if (statbuf->st_uid != 0 && (pw == NULL || + statbuf->st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) { log_it(fname, getpid(), "WRONG FILE OWNER", tabname); goto next_crontab; } |