plug security hole in "crontab -r".
fix from Todd C. Miller <millert@cs.Colorado.EDU>
This commit is contained in:
parent
c1bb61de2d
commit
0e3d3e345e
|
@ -1,5 +1,5 @@
|
|||
#ifndef lint
|
||||
static char rcsid[] = "$Id: crontab.c,v 1.6 1993/12/07 10:27:05 mycroft Exp $";
|
||||
static char rcsid[] = "$Id: crontab.c,v 1.7 1993/12/18 02:42:17 cgd Exp $";
|
||||
#endif /* not lint */
|
||||
|
||||
#define MAIN_PROGRAM
|
||||
|
@ -172,10 +172,13 @@ parse_args(argc, argv)
|
|||
if (!strcmp(Filename, "-")) {
|
||||
NewCrontab = stdin;
|
||||
} else {
|
||||
/* swap effective/real uid to plug security hole */
|
||||
setreuid(geteuid(), getuid());
|
||||
if (!(NewCrontab = fopen(Filename, "r"))) {
|
||||
perror(Filename);
|
||||
exit(ERROR_EXIT);
|
||||
}
|
||||
setreuid(getuid(), geteuid());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue