author | ache <ache@FreeBSD.org> | 1995-04-12 18:57:37 +0000 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 1995-04-12 18:57:37 +0000 |
commit | 64adcd35a46aa2f87a8eec022df59807ffd3a521 (patch) | |
tree | 0d82455f8d3115c90c8cb517895ed88cc0a3f115 /usr.sbin/cron | |
parent | baa7d4604a5066145df24b0c82dc3f5eba17f8a1 (diff) | |
Close MAILTO security hole
Diffstat (limited to 'usr.sbin/cron')
-rw-r--r-- | usr.sbin/cron/cron/do_command.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.sbin/cron/cron/do_command.c b/usr.sbin/cron/cron/do_command.c
index 4083c32..739191e6 100644
--- a/usr.sbin/cron/cron/do_command.c
+++ b/usr.sbin/cron/cron/do_command.c
@@ -16,7 +16,7 @@
 */
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: do_command.c,v 2.12 1994/01/15 20:43:43 vixie Exp $";
+static char rcsid[] = "$Id: do_command.c,v 1.1.1.1 1994/08/27 13:43:03 jkh Exp $";
 #endif
@@ -94,6 +94,10 @@ child_process(e, u)
 */
 usernm = env_get("LOGNAME", e->envp);
 mailto = env_get("MAILTO", e->envp);
+ if (mailto && *mailto == '-') {
+ log_it("CRON",getpid(), usernm, "attempts to crack");
+ exit(ERROR_EXIT);
+ }
 #ifdef USE_SIGCHLD
 /* our parent is watching for our death by catching SIGCHLD. we
@@ -206,12 +210,12 @@ child_process(e, u)
 /* set our directory, uid and gid. Set gid first, since once
 * we set uid, we've lost root privledges.
 */
- setgid(e->gid);
+ chdir(env_get("HOME", e->envp));
 # if defined(BSD)
 initgroups(env_get("LOGNAME", e->envp), e->gid);
 # endif
+ setgid(e->gid);
 setuid(e->uid); /* we aren't root after this... */
- chdir(env_get("HOME", e->envp));
 /* exec the command. */
|
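Review bot: The added MAILTO guard in child_process rejects only a value whose first character is '-', which is a one-character denylist. How mailto later reaches the mailer is outside this hunk; if that command line is split on whitespace, a '-' following a space would presumably not be caught. Unless space-separated recipient lists must stay supported, validate the whole value, e.g. `if (mailto && (*mailto == '-' || strpbrk(mailto, " \t\n")))`. The log detail `"attempts to crack"` does not say what was refused; `"MAILTO rejected: leading '-'"` would be easier to alert on. Also confirm usernm cannot be NULL here, since it comes straight from env_get("LOGNAME", ...) and is passed to log_it unchecked.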
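Review bot: None of the calls reordered in the third hunk (chdir, initgroups, setgid, setuid) has its return value checked. If setgid or setuid fails, the code apparently still falls through to the exec with the privileges it started with. The reorder also runs chdir before the ids are dropped, so a HOME value taken from the job's environment is resolved with the parent's rights rather than the user's; a comment stating why that is intended would help. The enclosing block starts and ends outside the hunk; the sketch below assumes this is a forked child about to exec, so it uses _exit rather than exit.

```c
		/* … unchanged: comment block and chdir(env_get("HOME", e->envp)) … */
# if defined(BSD)
		if (initgroups(env_get("LOGNAME", e->envp), e->gid) != 0)
			_exit(ERROR_EXIT);
# endif
		/* refuse to run the job unless both ids were really dropped */
		if (setgid(e->gid) != 0 || setuid(e->uid) != 0)
			_exit(ERROR_EXIT);
		/* … unchanged: exec the command … */
```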