[rock-linux] [PATCH] cron

ROCK Mailing List Archives

Author: Alan J. Wylie
Date:  
To: rock-linux
Subject: [rock-linux] [PATCH] cron

*** Please audit this code carefully - it is security sensitive ***

[X] applies
[X] compiles
[X] runs

The new version of the debian patches cron (3.0pl1-81) will not allow
non-root users to edit cron files.

This patch sets the owner of the temporary directory and the file to
that of the user, and the group to root.

diff -Naur cron.orig/crontab.c cron.new/crontab.c
--- cron.orig/crontab.c 2004-01-19 11:08:51.000000000 +0000
+++ cron.new/crontab.c 2004-01-19 11:13:57.000000000 +0000
@@ -390,6 +390,14 @@
                 return -1;
         }

+ /* change ownership of directory to user, group to root */
+ if (chown (Directory, pw->pw_uid, 0) != 0) {
+ perror(Directory);
+ rmdir(Directory);
+ Directory[0] = '\0';
+ return -1;
+ }
+
         /* Now create the actual temporary crontab file */
         if (snprintf(Filename, MAX_FNAME, "%s/crontab", Directory)
             >= MAX_FNAME) {
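Review bot: the chown (Directory, pw->pw_uid, 0) call hands the directory to the user before the crontab file inside it is created (the "Now create the actual temporary crontab file" step follows directly). From that point the user can create entries in Directory, so if this code still runs with elevated privilege, the create that follows has to fail on a pre-existing name rather than follow it. The open call is not visible in this hunk, so please confirm it uses O_CREAT|O_EXCL, or move the directory chown to after the file has been created and fchown'd. A smaller point: the return value of rmdir(Directory) in the error path is ignored, so a failed cleanup leaves the directory behind with no message.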
@@ -402,6 +410,17 @@
                 Filename[0] = '\0';
                 return -1;
         }
+
+ /* change ownership of file to user, group to root */
+ if (fchown (nfd, pw->pw_uid, 0) != 0) {
+ perror(Filename);
+ close(Filename);
+ unlink(Filename);
+ rmdir(Directory);
+ Filename[0] = '\0';
+ return -1;
+ }
+
         return nfd;
 }

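Review bot: in the fchown error path, close(Filename) passes the path buffer to close(), which takes a file descriptor; this should be close(nfd), otherwise the open descriptor leaks on failure and the compiler should warn about the pointer-to-int conversion. The same path also calls rmdir(Directory) without the Directory[0] = '\0' reset that the first hunk does after its rmdir, so the two error paths leave the globals in different states; make them consistent. Using fchown on nfd rather than chown on the path is the right choice here, since the directory already belongs to the user at this point.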

-- 
Alan J. Wylie           Frogtrade, Halifax, UK      http://www.frogtrade.com/
alan.wylie (at) frogtrade.com