I simplified the patch addressed certain security concerns. I only
allowed setusercontext() to set resource limits/priority and umask,
because these are the values that are relevant from login.conf. The
rest of the settings (uid/gid/initgroups) should be done using e->uid
and e->gid like they were before, not from:
struct passwd *pwd = getpwnam(getenv("LOGNAME"));
Finally login_cap's (path/env) are irrelevant in this context since
we want to use our e->envp anyway to execute the command.
for the system crontab file, pass a NULL pointer instead. This
prevents someone from creating a "*system*" file in the tabs directory
that acts as an alternate root crontab.
from openbsd
ended up _after_ the final '\0', so the code past though there are some
data to be passed to the spawned command, causing child process
crash under some circumstances; adjust input_data in this case to avoid this
XXX this is already fixed in cron 4.0-b1 (though slighly differently)
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
wiz