svn commit: r232551 - stable/8/usr.sbin/cron/crontab
Xin LI
delphij at FreeBSD.org
Mon Mar 5 17:09:17 UTC 2012
Author: delphij
Date: Mon Mar 5 17:09:16 2012
New Revision: 232551
URL: http://svn.freebsd.org/changeset/base/232551
Log:
MFC r232202:
Drop setuid status while doing file operations to prevent potential
information leak. This changeset is intended to be a minimal one
to make backports easier.
Reviewed by: kevlo, remko
Modified:
stable/8/usr.sbin/cron/crontab/crontab.c
Directory Properties:
stable/8/usr.sbin/cron/ (props changed)
stable/8/usr.sbin/cron/crontab/ (props changed)
Modified: stable/8/usr.sbin/cron/crontab/crontab.c
==============================================================================
--- stable/8/usr.sbin/cron/crontab/crontab.c Mon Mar 5 17:08:42 2012 (r232550)
+++ stable/8/usr.sbin/cron/crontab/crontab.c Mon Mar 5 17:09:16 2012 (r232551)
@@ -194,6 +194,17 @@ parse_args(argc, argv)
}
if (Option == opt_replace) {
+ /* relinquish the setuid status of the binary during
+ * the open, lest nonroot users read files they should
+ * not be able to read. we can't use access() here
+ * since there's a race condition. thanks go out to
+ * Arnt Gulbrandsen <agulbra at pvv.unit.no> for spotting
+ * the race.
+ */
+
+ if (swap_uids() < OK)
+ err(ERROR_EXIT, "swapping uids");
+
/* we have to open the file here because we're going to
* chdir(2) into /var/cron before we get around to
* reading the file.
@@ -204,21 +215,11 @@ parse_args(argc, argv)
!strcmp(resolved_path, SYSCRONTAB)) {
err(ERROR_EXIT, SYSCRONTAB " must be edited manually");
} else {
- /* relinquish the setuid status of the binary during
- * the open, lest nonroot users read files they should
- * not be able to read. we can't use access() here
- * since there's a race condition. thanks go out to
- * Arnt Gulbrandsen <agulbra at pvv.unit.no> for spotting
- * the race.
- */
-
- if (swap_uids() < OK)
- err(ERROR_EXIT, "swapping uids");
if (!(NewCrontab = fopen(Filename, "r")))
err(ERROR_EXIT, "%s", Filename);
- if (swap_uids_back() < OK)
- err(ERROR_EXIT, "swapping uids back");
}
+ if (swap_uids_back() < OK)
+ err(ERROR_EXIT, "swapping uids back");
}
Debug(DMISC, ("user=%s, file=%s, option=%s\n",
@@ -363,11 +364,15 @@ edit_cmd() {
goto fatal;
}
again:
+ if (swap_uids() < OK)
+ err(ERROR_EXIT, "swapping uids");
if (stat(Filename, &statbuf) < 0) {
warn("stat");
fatal: unlink(Filename);
exit(ERROR_EXIT);
}
+ if (swap_uids_back() < OK)
+ err(ERROR_EXIT, "swapping uids back");
if (statbuf.st_dev != fsbuf.st_dev || statbuf.st_ino != fsbuf.st_ino)
errx(ERROR_EXIT, "temp file must be edited in place");
if (MD5File(Filename, orig_md5) == NULL) {
@@ -433,6 +438,8 @@ edit_cmd() {
editor, WTERMSIG(waiter), WCOREDUMP(waiter) ?"" :"no ");
goto fatal;
}
+ if (swap_uids() < OK)
+ err(ERROR_EXIT, "swapping uids");
if (stat(Filename, &statbuf) < 0) {
warn("stat");
goto fatal;
@@ -443,6 +450,8 @@ edit_cmd() {
warn("MD5");
goto fatal;
}
+ if (swap_uids_back() < OK)
+ err(ERROR_EXIT, "swapping uids back");
if (strcmp(orig_md5, new_md5) == 0 && !syntax_error) {
warnx("no changes made to crontab");
goto remove;
More information about the svn-src-stable
mailing list