author | peter <peter@FreeBSD.org> | 1997-03-14 13:48:04 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1997-03-14 13:48:04 +0000 |
commit | 8e1c208b61a81b3349c9bd8c476d812cb25dfafc (patch) | |
tree | 4f7312e5a9b633379908aab4897236ec9a43180f /usr.sbin/cron | |
parent | 4cbeeb4a53e5f0be69e4b1d08bde0ea54194f92d (diff) | |
For some reason, the old login class code didn't seem to be working here.
I suspect it was because the child exec code's parent was doing the
initial lookups, then forking, then doing other things (possibly trashing
the static data in the getpw*() buffer), then attempting to dereference
*pwd and *lc. Also, no error checking appeared to be done - I've allowed
it to fall back to the old "become user" code on critical failure rather than
risk running a user's cron jobs as root.
Diffstat (limited to 'usr.sbin/cron')
-rw-r--r-- | usr.sbin/cron/cron/do_command.c | 37 |
1 files changed, 24 insertions, 13 deletions
diff --git a/usr.sbin/cron/cron/do_command.c b/usr.sbin/cron/cron/do_command.c
index 49c4b15..cc23842 100644
--- a/usr.sbin/cron/cron/do_command.c
+++ b/usr.sbin/cron/cron/do_command.c
@@ -16,7 +16,7 @@
 */
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id$";
+static char rcsid[] = "$Id: do_command.c,v 1.10 1997/02/22 16:04:43 peter Exp $";
 #endif
@@ -81,8 +81,8 @@ child_process(e, u)
 char *usernm, *mailto;
 int children = 0;
 # if defined(LOGIN_CAP)
- struct passwd *pwd = getpwuid(e->uid);
- login_cap_t *lc = login_getclass(pwd);
+ struct passwd *pwd;
+ login_cap_t *lc;
 # endif
 Debug(DPROC, ("[%d] child_process('%s')\n", getpid(), e->cmd))
@@ -223,18 +223,29 @@ child_process(e, u)
 /* Set user's entire context, but skip the environment
 * as cron provides a separate interface for this
 */
- setusercontext(lc, pwd, e->uid, LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV));
- login_close(lc);
-# else
- /* set our directory, uid and gid. Set gid first, since once
- * we set uid, we've lost root privledges.
- */
- setgid(e->gid);
+ pwd = getpwuid(e->uid);
+ if (pwd)
+ lc = login_getclass(pwd);
+ else
+ lc = NULL;
+ if (lc && pwd) {
+ setusercontext(lc, pwd, e->uid,
+ LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV));
+ login_close(lc);
+ } else {
+ /* fall back to the old method */
+# endif
+ /* set our directory, uid and gid. Set gid first,
+ * since once we set uid, we've lost root privledges.
+ */
+ setgid(e->gid);
 # if defined(BSD)
- initgroups(env_get("LOGNAME", e->envp), e->gid);
+ initgroups(env_get("LOGNAME", e->envp), e->gid);
 # endif
- setlogin(usernm);
- setuid(e->uid); /* we aren't root after this... */
+ setlogin(usernm);
+ setuid(e->uid); /* we aren't root after this..*/
+#if defined(LOGIN_CAP)
+ }
 #endif
 chdir(env_get("HOME", e->envp)); |
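Review bot: The result of `setusercontext()` is ignored in the third hunk, so when `lc` and `pwd` are both valid but the call fails, the child takes neither the fallback nor an exit and goes on to `chdir` (and presumably to running the job) with whatever credentials it still holds, which may be root's. The fallback branch has the same gap: `setgid`, `initgroups` and `setuid` are all called unchecked, so a failed `setuid` there also leaves the job running as root. I would fold the `setusercontext()` result into the `if` condition so a failure reaches the fallback, and have the fallback terminate the child when any privilege-dropping call fails. `child_process` starts and ends outside this hunk, so the exit code used below is assumed to match what the rest of the function uses.

```c
		pwd = getpwuid(e->uid);
		lc = pwd ? login_getclass(pwd) : NULL;
		if (lc && setusercontext(lc, pwd, e->uid,
		    LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) == 0) {
			login_close(lc);
		} else {
			/* fall back to the old method; fail closed if root cannot be dropped */
			if (lc)
				login_close(lc);
# endif
			if (setgid(e->gid) != 0)
				_exit(ERROR_EXIT);
# if defined(BSD)
			if (initgroups(env_get("LOGNAME", e->envp), e->gid) != 0)
				_exit(ERROR_EXIT);
# endif
			setlogin(usernm);
			if (setuid(e->uid) != 0)
				_exit(ERROR_EXIT);
			/* … unchanged: closing brace under LOGIN_CAP, chdir to HOME … */
```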