SOURCES: vixie-cron-sgid-crontab.patch - updated (but it's just co...

Mon Jul 25 12:46:20 CEST 2005

Author: prism                        Date: Mon Jul 25 10:46:20 2005 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- updated (but it's just cosmetics now, maybe it's not so needed)

---- Files affected:
SOURCES:
   vixie-cron-sgid-crontab.patch (1.1 -> 1.2) 

---- Diffs:

================================================================
Index: SOURCES/vixie-cron-sgid-crontab.patch
diff -u SOURCES/vixie-cron-sgid-crontab.patch:1.1 SOURCES/vixie-cron-sgid-crontab.patch:1.2

--- SOURCES/vixie-cron-sgid-crontab.patch:1.1	Fri Aug 15 11:35:02 2003
+++ SOURCES/vixie-cron-sgid-crontab.patch	Mon Jul 25 12:46:14 2005
@@ -1,140 +1,29 @@
---- vixie-cron-3.0.1/database.c.orig	2003-08-15 10:32:02.000000000 +0200
-+++ vixie-cron-3.0.1/database.c	2003-08-15 10:36:17.000000000 +0200
-@@ -24,7 +24,9 @@
- 
- 
- #include "cron.h"
-+#define __USE_GNU
- #include <fcntl.h>
-+#undef __USE_GNU
- #include <sys/stat.h>
- #include <sys/file.h>
- 
-@@ -209,8 +211,28 @@
- 		log_it(fname, getpid(), "ORPHAN", "no passwd entry");
+diff -uNr vixie-cron-4.1.p21/database.c vixie-cron-4.1/database.c
+--- vixie-cron-4.1.p21/database.c	2005-07-24 22:39:30.000000000 +0200
++++ vixie-cron-4.1/database.c	2005-07-24 23:50:09.000000000 +0200
+@@ -234,7 +234,12 @@
  		goto next_crontab;
  	}
+ 
 +#ifdef __linux
-+/*
-+ * Linux 2.2+, glibc 2.1+.
-+ *
-+ * This and the checks below are an attempt to reduce the damage that
-+ * can be done by someone with write access to the crontab directory.
-+ * Once the crontab binary is no longer SUID root, a vulnerability in
-+ * crontab wouldn't provide root access any longer, so it makes sense
-+ * for cron to not trust the directory contents.
-+ */
-+	if ((crontab_fd = open(tabname, O_RDONLY | O_NOFOLLOW, 0)) < OK) {
+ 	if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < OK) {
 +#else
-+/*
-+ * XXX: should use lstat before open and a dev/ino check afterwards.
-+ * In fact, that would be helpful with O_NOFOLLOW as well due to the
-+ * side-effects on open and possibility for device hard links.  (Write
-+ * access to the crontab directory implies DoS possibilities for cron,
-+ * but doesn't have to allow for new attacks on the rest of the system.)
-+ */ 
- 
- 	if ((crontab_fd = open(tabname, O_RDONLY, 0)) < OK) {
++	if ((crontab_fd = open(tabname, O_RDONLY, 0)) < OK) {
 +#endif
++
  		/* crontab not accessible?
  		 */
  		log_it(fname, getpid(), "CAN'T OPEN", tabname);
-@@ -222,6 +244,26 @@
- 		goto next_crontab;
- 	}
- 
-+	if (pw &&
-+	    statbuf->st_uid != pw->pw_uid &&
-+	    statbuf->st_uid != ROOT_UID) {
-+		log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
-+		goto next_crontab;
-+	}
-+
-+/*
-+ * The link count check is not sufficient (the owner may delete their
-+ * original link, reducing the link count back to 1), but this is all
-+ * we've got.
-+ */
-+	if (pw &&
-+	    (!S_ISREG(statbuf->st_mode) ||
-+	    statbuf->st_nlink != 1 ||
-+	    (statbuf->st_mode & 07777) != 0600)) {
-+		log_it(fname, getpid(), "WRONG INODE INFO", tabname); 
-+		goto next_crontab;
-+	}
-+
- 	Debug(DLOAD, ("\t%s:", fname))
- 	u = find_user(old_db, fname);
- 	if (u != NULL) {
---- vixie-cron-3.0.1/misc.c.orig	2003-08-15 10:36:23.000000000 +0200
-+++ vixie-cron-3.0.1/misc.c	2003-08-15 10:38:04.000000000 +0200
-@@ -655,10 +655,21 @@
- 
- 
- #ifdef HAVE_SAVED_SUIDS
--static int save_euid;
--int swap_uids() { save_euid = geteuid(); return seteuid(getuid()); }
--int swap_uids_back() { return seteuid(save_euid); }
-+static uid_t save_euid, save_egid;
-+int swap_uids()
-+{
-+	save_euid = geteuid(); save_egid = getegid();
-+	return (setegid(getgid()) || seteuid(getuid())) ? -1 : 0;
-+}
-+int swap_uids_back()
-+{
-+	return (setegid(save_egid) || seteuid(save_euid)) ? -1 : 0;
-+} 
- #else /*HAVE_SAVED_UIDS*/
--int swap_uids() { return setreuid(geteuid(), getuid()); }
-+int swap_uids()
-+{
-+	return (setregid(getegid(), getgid()) || setreuid(geteuid(), getuid()))
-+		? -1 : 0;
-+} 
- int swap_uids_back() { return swap_uids(); }
- #endif /*HAVE_SAVED_UIDS*/
---- vixie-cron-3.0.1/crontab.c.orig	2003-08-15 10:45:52.000000000 +0200
-+++ vixie-cron-3.0.1/crontab.c	2003-08-15 10:47:45.000000000 +0200
-@@ -103,7 +103,6 @@
- 	setlinebuf(stderr);
+diff -uNr vixie-cron-4.1.p21/externs.h vixie-cron-4.1/externs.h
+--- vixie-cron-4.1.p21/externs.h	2005-07-23 12:40:30.000000000 +0200
++++ vixie-cron-4.1/externs.h	2005-07-24 23:46:21.000000000 +0200
+@@ -36,7 +36,9 @@
  #endif
- 	parse_args(argc, argv);		/* sets many globals, opens a file */
--	set_cron_uid();
- 	set_cron_cwd();
- 	if (!allowed(User)) {
- 		fprintf(stderr,
-@@ -410,6 +409,10 @@
- 		goto fatal;
- 	case 0:
- 		/* child */
-+		if (setgid(getgid()) < 0) {
-+			perror("setgid(getgid())");
-+			exit(ERROR_EXIT);
-+		}
- 		if (setuid(saved_uid) < 0) {
- 			perror("setuid(getuid())");
- 			exit(ERROR_EXIT);
-@@ -507,6 +510,7 @@
- 	FILE	*tmp;
- 	int	ch, eof;
- 	entry	*e;
-+	uid_t	file_owner;
- 	time_t	now = time(NULL);
- 	char	**envp = env_init();
- 
-@@ -570,11 +574,12 @@
- 		fclose(tmp);  unlink(tn);
- 		return (-1);
- 	}
-+	file_owner = (getgid() == getegid()) ? ROOT_UID : pw->pw_uid;
- 
- #ifdef HAS_FCHOWN
--	if (fchown(fileno(tmp), ROOT_UID, -1) < OK)
-+	if (fchown(fileno(tmp), file_owner, -1) < OK)
- #else
--	if (chown(tn, ROOT_UID, -1) < OK)
-+	if (chown(TempFilename, file_owner, -1) < OK)
- #endif
- 	{
- 		perror("chown");
+ #include <dirent.h>
+ #include <errno.h>
++#define __USE_GNU
+ #include <fcntl.h>
++#undef __USE_GNU
+ #include <grp.h>
+ #include <locale.h>
+ #include <pwd.h>
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/vixie-cron-sgid-crontab.patch?r1=1.1&r2=1.2&f=u


