PR/15142: Kevin P. Neal: cron does not pay attention to login_cap(3)

I simplified the patch addressed certain security concerns. I only allowed setusercontext() to set resource limits/priority and umask, because these are the values that are relevant from login.conf. The rest of the settings (uid/gid/initgroups) should be done using e->uid and e->gid like they were before, not from: struct passwd *pwd = getpwnam(getenv("LOGNAME")); Finally login_cap's (path/env) are irrelevant in this context since we want to use our e->envp anyway to execute the command.
2003-03-14 21:56:07 +00:00 · 2003-03-14 21:56:07 +00:00 · c2b5bf99ef
parent a8a18df708
commit c2b5bf99ef
2 changed files with 18 additions and 5 deletions
--- a/usr.sbin/cron/Makefile
+++ b/usr.sbin/cron/Makefile
@ -1,9 +1,10 @@
-#	$NetBSD: Makefile,v 1.9 1998/01/31 14:40:13 christos Exp $
+#	$NetBSD: Makefile,v 1.10 2003/03/14 21:56:07 christos Exp $

 PROG=	cron
 SRCS=	cron.c database.c do_command.c entry.c env.c job.c \
 	misc.c popen.c user.c
-CPPFLAGS+=-I${.CURDIR}
+CPPFLAGS+=-I${.CURDIR} -DLOGIN_CAP
+LDADD+=-lutil
 MAN=	cron.8

 .include <bsd.prog.mk>
--- a/usr.sbin/cron/do_command.c
+++ b/usr.sbin/cron/do_command.c
@ -1,4 +1,4 @@
-/*	$NetBSD: do_command.c,v 1.12 2003/02/19 09:21:15 dsl Exp $	*/
+/*	$NetBSD: do_command.c,v 1.13 2003/03/14 21:56:07 christos Exp $	*/

 /* Copyright 1988,1990,1993,1994 by Paul Vixie
 * All rights reserved
@ -22,7 +22,7 @@
 #if 0
 static char rcsid[] = "Id: do_command.c,v 2.12 1994/01/15 20:43:43 vixie Exp ";
 #else
-__RCSID("$NetBSD: do_command.c,v 1.12 2003/02/19 09:21:15 dsl Exp $");
+__RCSID("$NetBSD: do_command.c,v 1.13 2003/03/14 21:56:07 christos Exp $");
 #endif
 #endif

@ -36,6 +36,10 @@ __RCSID("$NetBSD: do_command.c,v 1.12 2003/02/19 09:21:15 dsl Exp $");
 # include <syslog.h>
 #endif

+#ifdef LOGIN_CAP
+# include <pwd.h>
+# include <login_cap.h>
+#endif 

 static void		child_process __P((entry *, user *)),
 			do_univ __P((user *));
@ -232,12 +236,20 @@ child_process(e, u)
 		 */
 		do_univ(u);

+#ifdef LOGIN_CAP
+		if (setusercontext(NULL, getpwuid(e->uid), e->uid,
+		    LOGIN_SETRESOURCES|LOGIN_SETPRIORITY|
+		    LOGIN_SETUMASK) != 0) {
+			syslog(LOG_ERR, "setusercontext failed");
+			_exit(ERROR_EXIT);
+		}
+#endif /* LOGIN_CAP */
 		/* set our directory, uid and gid.  Set gid first, since once
 		 * we set uid, we've lost root privledges.
 		 */
 		setgid(e->gid);
 # if defined(BSD)
-		initgroups(env_get("LOGNAME", e->envp), e->gid);
+		initgroups(usernm, e->gid);
 # endif
 		setuid(e->uid);		/* we aren't root after this... */
 		chdir(env_get("HOME", e->envp));