author | yar <yar@FreeBSD.org> | 2007-06-14 22:16:21 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2007-06-14 22:16:21 +0000 |
commit | 8a97efc4142c90e7826c728b39fe31a3fecf7073 (patch) | |
tree | 2cc81892487faa794800c2118aa8289724857702 /libexec | |
parent | b6a0b8bdc1036db4b7d20dddbb6c2a53ec93fb50 (diff) | |
Use a single setusercontext(3) instead of a bunch of basic syscalls.
Besides aesthetic benefits, that makes at(1) jobs subject to such
login.conf(5) settings as resource limits.
Diffstat (limited to 'libexec')
-rw-r--r-- | libexec/atrun/Makefile | 4 | ||||
-rw-r--r-- | libexec/atrun/atrun.c | 25 |
2 files changed, 29 insertions, 0 deletions
diff --git a/libexec/atrun/Makefile b/libexec/atrun/Makefile
index aacbf2e..40ebd06 100644
--- a/libexec/atrun/Makefile
+++ b/libexec/atrun/Makefile
@@ -12,8 +12,12 @@ BINDIR= ${ATLIB_DIR}
 CLEANFILES= ${MAN}
 CFLAGS+=-I${MAINSRC} -I${.CURDIR}
+CFLAGS+=-DLOGIN_CAP
 WFORMAT=0
+DPADD= ${LIBUTIL}
+LDADD= -lutil
+
 atrun.8: atrun.man
 @${ECHO} Making ${.TARGET:T} from ${.ALLSRC:T}; \
 sed -e \
diff --git a/libexec/atrun/atrun.c b/libexec/atrun/atrun.c
index ad53973..9881415 100644
--- a/libexec/atrun/atrun.c
+++ b/libexec/atrun/atrun.c
@@ -54,6 +54,9 @@ static const char rcsid[] =
 #else
 #include <getopt.h>
 #endif
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif
 #if (MAXLOGNAME-1) > UT_NAMESIZE
 #define LOGNAMESIZE UT_NAMESIZE
@@ -288,6 +291,19 @@ run_file(const char *filename, uid_t uid, gid_t gid)
 nice(tolower(queue) - 'a');
+#ifdef LOGIN_CAP
+ /*
+ * For simplicity and safety, set all aspects of the user context
+ * except for a selected subset: Don't set priority, which was
+ * set based on the queue file name according to the tradition.
+ * Don't bother to set environment, including path vars, either
+ * because it will be discarded anyway. Although the job file
+ * should set umask, preset it here just in case.
+ */
+ if (setusercontext(NULL, pentry, uid, LOGIN_SETALL &
+ ~(LOGIN_SETPRIORITY | LOGIN_SETPATH | LOGIN_SETENV)) != 0)
+ exit(EXIT_FAILURE); /* setusercontext() logged the error */
+#else /* LOGIN_CAP */
 if (initgroups(pentry->pw_name,pentry->pw_gid))
 perr("cannot init group access list");
@@ -299,6 +315,7 @@ run_file(const char *filename, uid_t uid, gid_t gid)
 if (setuid(uid) < 0 || seteuid(uid) < 0)
 perr("cannot set user id");
+#endif /* LOGIN_CAP */
 if (chdir(pentry->pw_dir))
 chdir("/");
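Review bot: On the LOGIN_CAP path in the `@@ -288,6 +291,19 @@` hunk the `gid` argument of run_file() no longer takes part in the credential switch: setusercontext() receives only `pentry` and `uid`, so the primary group and the group list come from the passwd entry. The fallback lines between this hunk and the next are not shown, but if they use `gid`, the two build variants now run a job under different group identities, and the commit message does not mention that. I would add a line to the block comment, for example `* The primary group comes from the passwd entry; the gid argument is not consulted here.` The mailer call in the `@@ -326,6 +343,13 @@` hunk is in the same position. run_file() starts and ends outside these hunks.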
@@ -326,6 +343,13 @@ run_file(const char *filename, uid_t uid, gid_t gid)
 {
 PRIV_START
+#ifdef LOGIN_CAP
+ /*
+ * This time set full context to run the mailer.
+ */
+ if (setusercontext(NULL, pentry, uid, LOGIN_SETALL) != 0)
+ exit(EXIT_FAILURE); /* setusercontext() logged the error */
+#else /* LOGIN_CAP */
 if (initgroups(pentry->pw_name,pentry->pw_gid))
 perr("cannot init group access list");
@@ -337,6 +361,7 @@ run_file(const char *filename, uid_t uid, gid_t gid)
 if (setuid(uid) < 0 || seteuid(uid) < 0)
 perr("cannot set user id");
+#endif /* LOGIN_CAP */
 if (chdir(pentry->pw_dir))
 chdir("/"); |
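Review bot: The comment `This time set full context to run the mailer.` in the `@@ -326,6 +343,13 @@` hunk does not say why the mailer gets LOGIN_SETPRIORITY, LOGIN_SETPATH and LOGIN_SETENV when the job was deliberately started without them. With plain LOGIN_SETALL the login-class priority would replace the queue-based nice() value, and path and environment settings from login.conf(5) are applied to the process that goes on to run the mailer; how the mailer is executed is outside the hunk. If that is intended, the comment should say so, e.g. `* Unlike the job, the mailer is given the class priority, path and environment from login.conf(5).`; if it is not, reusing the mask from the job path would keep the two privilege drops consistent.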