Source-Changes-HG archive
[src/trunk]: src/usr.sbin/cron PR/15142: Kevin P. Neal: cron does not pay att...
details: https://anonhg.NetBSD.org/src/rev/d8e6588c5100
branches: trunk
changeset: 544215:d8e6588c5100
user: christos <christos%NetBSD.org@localhost>
date: Fri Mar 14 21:56:07 2003 +0000
description:
PR/15142: Kevin P. Neal: cron does not pay attention to login_cap(3)
I simplified the patch and addressed certain security concerns. I only
allowed setusercontext() to set resource limits/priority and umask,
because these are the values that are relevant from login.conf. The
rest of the settings (uid/gid/initgroups) should be done using e->uid
and e->gid like they were before, not from:
struct passwd *pwd = getpwnam(getenv("LOGNAME"));
Finally login_cap's (path/env) are irrelevant in this context since
we want to use our e->envp anyway to execute the command.
diffstat:
usr.sbin/cron/Makefile | 5 +++--
usr.sbin/cron/do_command.c | 18 +++++++++++++++---
2 files changed, 18 insertions(+), 5 deletions(-)
diffs (67 lines):
diff -r 74a5c602df53 -r d8e6588c5100 usr.sbin/cron/Makefile
--- a/usr.sbin/cron/Makefile Fri Mar 14 21:38:26 2003 +0000
+++ b/usr.sbin/cron/Makefile Fri Mar 14 21:56:07 2003 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.9 1998/01/31 14:40:13 christos Exp $
+# $NetBSD: Makefile,v 1.10 2003/03/14 21:56:07 christos Exp $
PROG= cron
SRCS= cron.c database.c do_command.c entry.c env.c job.c \
misc.c popen.c user.c
-CPPFLAGS+=-I${.CURDIR}
+CPPFLAGS+=-I${.CURDIR} -DLOGIN_CAP
+LDADD+=-lutil
MAN= cron.8
.include <bsd.prog.mk>
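Review bot: The new `LDADD+=-lutil` line has no matching `DPADD` entry, so the Makefile does not record libutil as a build dependency of cron; consider adding `DPADD+=${LIBUTIL}` next to it so the program is relinked when the library changes. Separately, `-DLOGIN_CAP` is defined unconditionally here, which means the `#ifdef LOGIN_CAP` guards in do_command.c are always taken in this build; if that is intended, a short comment in the Makefile saying so would help.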
diff -r 74a5c602df53 -r d8e6588c5100 usr.sbin/cron/do_command.c
--- a/usr.sbin/cron/do_command.c Fri Mar 14 21:38:26 2003 +0000
+++ b/usr.sbin/cron/do_command.c Fri Mar 14 21:56:07 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: do_command.c,v 1.12 2003/02/19 09:21:15 dsl Exp $ */
+/* $NetBSD: do_command.c,v 1.13 2003/03/14 21:56:07 christos Exp $ */
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* All rights reserved
@@ -22,7 +22,7 @@
#if 0
static char rcsid[] = "Id: do_command.c,v 2.12 1994/01/15 20:43:43 vixie Exp ";
#else
-__RCSID("$NetBSD: do_command.c,v 1.12 2003/02/19 09:21:15 dsl Exp $");
+__RCSID("$NetBSD: do_command.c,v 1.13 2003/03/14 21:56:07 christos Exp $");
#endif
#endif
@@ -36,6 +36,10 @@
# include <syslog.h>
#endif
+#ifdef LOGIN_CAP
+# include <pwd.h>
+# include <login_cap.h>
+#endif
static void child_process __P((entry *, user *)),
do_univ __P((user *));
@@ -232,12 +236,20 @@
*/
do_univ(u);
+#ifdef LOGIN_CAP
+ if (setusercontext(NULL, getpwuid(e->uid), e->uid,
+ LOGIN_SETRESOURCES|LOGIN_SETPRIORITY|
+ LOGIN_SETUMASK) != 0) {
+ syslog(LOG_ERR, "setusercontext failed");
+ _exit(ERROR_EXIT);
+ }
+#endif /* LOGIN_CAP */
/* set our directory, uid and gid. Set gid first, since once
* we set uid, we've lost root privledges.
*/
setgid(e->gid);
# if defined(BSD)
- initgroups(env_get("LOGNAME", e->envp), e->gid);
+ initgroups(usernm, e->gid);
# endif
setuid(e->uid); /* we aren't root after this... */
chdir(env_get("HOME", e->envp));
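Review bot: The result of `getpwuid(e->uid)` is passed straight into `setusercontext()` with no NULL check, so a crontab entry whose uid has no passwd record reaches the library with a NULL pwd, and nothing in this hunk shows how that case is handled; look the entry up into a local first, fail the job if it is NULL, and pass the checked pointer. The `syslog(LOG_ERR, "setusercontext failed")` message would also be more useful with the uid and `%m` in it. The new block sets the right precedent by calling `_exit(ERROR_EXIT)` on failure, but the privilege-drop calls just below it (`setgid`, the changed `initgroups(usernm, e->gid)`, and `setuid`) still ignore their return values, so a failed `setuid(e->uid)` would let the job continue with the privileges it had before; those deserve the same check-and-exit treatment. Finally, `usernm` is not defined in the visible lines: since the commit message argues against trusting `LOGNAME` from the environment, it is worth confirming where it is assigned and that it is derived from the crontab owner rather than from `e->envp`.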