diff options
author | brooks <brooks@FreeBSD.org> | 2006-01-10 05:56:32 +0000 |
---|---|---|
committer | brooks <brooks@FreeBSD.org> | 2006-01-10 05:56:32 +0000 |
commit | 81ed190221d2f9a9df021b3ba5bc5afdcfb753a5 (patch) | |
tree | f6920456b5467aa3dbae252658b0a59345aa0846 | |
parent | 058bf820d7c085204b5e0b7d7d092e6d1caca552 (diff) | |
download | FreeBSD-src-81ed190221d2f9a9df021b3ba5bc5afdcfb753a5.zip FreeBSD-src-81ed190221d2f9a9df021b3ba5bc5afdcfb753a5.tar.gz |
/etc/crontab is similar enough to parse as correct if you run
"crontab /etc/crontab", but not the same format due to the who field.
Add some limited anti-foot-shooting support and refuse to load
/etc/crontab as someone's crontab. Users wishing shoot their foot in
this manner may copy /etc/crontab elsewhere. :)
MFC After: 1 week
-rw-r--r-- | usr.sbin/cron/crontab/crontab.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/usr.sbin/cron/crontab/crontab.c b/usr.sbin/cron/crontab/crontab.c index 5d61ea7..e793b0b 100644 --- a/usr.sbin/cron/crontab/crontab.c +++ b/usr.sbin/cron/crontab/crontab.c @@ -134,6 +134,7 @@ parse_args(argc, argv) char *argv[]; { int argch; + char resolved_path[PATH_MAX]; if (!(pw = getpwuid(getuid()))) errx(ERROR_EXIT, "your UID isn't in the passwd file, bailing out"); @@ -200,6 +201,9 @@ parse_args(argc, argv) */ if (!strcmp(Filename, "-")) { NewCrontab = stdin; + } else if (realpath(Filename, resolved_path) != NULL && + !strcmp(resolved_path, "/etc/crontab")) { + err(ERROR_EXIT, "/etc/crontab must be edited manually"); } else { /* relinquish the setuid status of the binary during * the open, lest nonroot users read files they should |