MFC: 1.23

/etc/crontab is similar enough to parse as correct if you run
"crontab /etc/crontab", but not the same format due to the who field.
Add some limited anti-foot-shooting support and refuse to load
/etc/crontab as someone's crontab.  Users wishing to shoot their foot in
this manner may copy /etc/crontab elsewhere. :)
brooks 2006-09-03 17:32:32 +00:00
parent 2ad438785e
commit aee1f844c0

@ -134,6 +134,7 @@ parse_args(argc, argv)
char *argv[];
{
int argch;
char resolved_path[PATH_MAX];
if (!(pw = getpwuid(getuid())))
errx(ERROR_EXIT, "your UID isn't in the passwd file, bailing out");
@ -200,6 +201,9 @@ parse_args(argc, argv)
*/
if (!strcmp(Filename, "-")) {
NewCrontab = stdin;
} else if (realpath(Filename, resolved_path) != NULL &&
!strcmp(resolved_path, "/etc/crontab")) {
err(ERROR_EXIT, "/etc/crontab must be edited manually");
} else {
/* relinquish the setuid status of the binary during
* the open, lest nonroot users read files they should
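Review bot: The new /etc/crontab branch reports the refusal with err(), which appends strerror(errno) to the message, but realpath() has just succeeded at that point, so errno holds nothing relevant and an unrelated error string may be tacked onto the output; errx(), as used for the passwd lookup failure earlier in parse_args(), is the better fit. Separately, realpath(Filename, resolved_path) runs before the block whose comment says it relinquishes the setuid status for the open, so a user-supplied path is resolved while the binary still holds its elevated privileges; consider moving the resolution to after the privilege drop. The comparison is by resolved name only, so a copy of the file still loads, which the commit message says is intended; a one-line comment above the branch stating that would save the next reader from treating it as an oversight.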