authormillert <millert@openbsd.org>2015-11-12 13:42:42 +0000
committermillert <millert@openbsd.org>2015-11-12 13:42:42 +0000
commit6b36bf07abf6dccf3133e606563bd172a220f52b (patch)
treef1a34a4a8f6232e087dee362f1014b420fb1345d /usr.sbin/cron
parentupdate NAME; ok schwarze nicm (diff)
downloadwireguard-openbsd-6b36bf07abf6dccf3133e606563bd172a220f52b.tar.xz
wireguard-openbsd-6b36bf07abf6dccf3133e606563bd172a220f52b.zip
Move cron socket to /var/run/cron.sock. Client code will try the old
location if the new one doesn't exist for now. In order to allow the fchown() to succeed, cron now sets its effective gid to crontab. OK jca@ deraadt@
Diffstat (limited to 'usr.sbin/cron')
-rw-r--r--usr.sbin/cron/client.c20
-rw-r--r--usr.sbin/cron/common.c3
-rw-r--r--usr.sbin/cron/cron.c9
-rw-r--r--usr.sbin/cron/pathnames.h6
4 files changed, 23 insertions, 15 deletions
diff --git a/usr.sbin/cron/client.c b/usr.sbin/cron/client.c
index 1786af35dc2..4ef6a2f4c9e 100644
--- a/usr.sbin/cron/client.c
+++ b/usr.sbin/cron/client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: client.c,v 1.6 2015/11/11 17:05:23 millert Exp $ */
+/* $OpenBSD: client.c,v 1.7 2015/11/12 13:42:42 millert Exp $ */
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
@@ -19,9 +19,12 @@
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <sys/un.h>
#include <bitstring.h> /* for structs.h */
+#include <err.h>
+#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -92,13 +95,17 @@ void
poke_daemon(const char *spool_dir, unsigned char cookie)
{
int sock = -1;
+ const char *cronsock = CRONSOCK;
+ struct stat sb;
struct sockaddr_un s_un;
+ if (stat(cronsock, &sb) != 0)
+ cronsock = CRONSOCK_OLD; /* backwards compatibility */
+
bzero(&s_un, sizeof(s_un));
- if (snprintf(s_un.sun_path, sizeof s_un.sun_path, "%s/%s",
- CRON_SPOOL, CRONSOCK) >= sizeof(s_un.sun_path)) {
- fprintf(stderr, "%s: %s/%s: path too long\n",
- __progname, CRON_SPOOL, CRONSOCK);
+ if (strlcpy(s_un.sun_path, cronsock, sizeof(s_un.sun_path)) >=
+ sizeof(s_un.sun_path)) {
+ warnc(ENAMETOOLONG, "%s", cronsock);
return;
}
s_un.sun_family = AF_UNIX;
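Review bot: The fallback in poke_daemon() is taken for any stat() failure, not just a missing socket, so an error such as EACCES on the new path also redirects the client to `CRONSOCK_OLD`. Limiting it to the case the commit message describes would be `if (stat(cronsock, &sb) != 0 && errno == ENOENT)`. The existence check is also separate from the later connect(), so a new-path socket that exists but is stale never triggers the fallback; retrying connect() on the old path after a failure on the new one would cover both cases without the extra stat(). `sb` is not used for anything else in the visible lines, and the function continues past this hunk.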
@@ -106,8 +113,7 @@ poke_daemon(const char *spool_dir, unsigned char cookie)
connect(sock, (struct sockaddr *)&s_un, sizeof(s_un)) == 0)
send(sock, &cookie, 1, MSG_NOSIGNAL);
else
- fprintf(stderr, "%s: warning, cron does not appear to be "
- "running.\n", __progname);
+ warnx("warning, cron does not appear to be running");
if (sock >= 0)
close(sock);
}
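Review bot: The new `warnx("warning, cron does not appear to be running")` discards errno and does not say which socket path was tried, which matters now that the client may use either the new or the old location. Something like `warn("%s: cron does not appear to be running", s_un.sun_path);` would keep the reason (ENOENT, ECONNREFUSED, EACCES) and the path in the message. The socket() call that forms the first half of this condition is outside the hunk, so the else branch presumably covers its failure as well.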
diff --git a/usr.sbin/cron/common.c b/usr.sbin/cron/common.c
index a5869e87cce..381d309a660 100644
--- a/usr.sbin/cron/common.c
+++ b/usr.sbin/cron/common.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: common.c,v 1.4 2015/11/11 17:02:22 millert Exp $ */
+/* $OpenBSD: common.c,v 1.5 2015/11/12 13:42:42 millert Exp $ */
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
@@ -112,6 +112,7 @@ set_cron_cwd(void)
exit(EXIT_FAILURE);
}
if (grp != NULL) {
+ setegid(grp->gr_gid);
if (sb.st_gid != grp->gr_gid)
chown(AT_SPOOL, -1, grp->gr_gid);
if ((sb.st_mode & ALLPERMS) != 01770)
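Review bot: The return value of the added `setegid(grp->gr_gid)` is ignored, so a failed group switch goes unnoticed and the process continues with its original effective gid. The commit message says the switch exists so that the ownership change on the socket succeeds; the new `chown(s_un.sun_path, -1, getegid())` in cron.c would then presumably assign whatever group the process started with. Check the call and stop on failure, for example `if (setegid(grp->gr_gid) != 0) { perror("setegid"); exit(EXIT_FAILURE); }`, in line with the `exit(EXIT_FAILURE)` just above. set_cron_cwd() begins and ends outside this hunk, so it is not visible here which programs call it and inherit the changed egid.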
diff --git a/usr.sbin/cron/cron.c b/usr.sbin/cron/cron.c
index 2d35c85aa1b..00e80f722bc 100644
--- a/usr.sbin/cron/cron.c
+++ b/usr.sbin/cron/cron.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cron.c,v 1.68 2015/11/11 17:19:22 millert Exp $ */
+/* $OpenBSD: cron.c,v 1.69 2015/11/12 13:42:42 millert Exp $ */
/* Copyright 1988,1990,1993,1994 by Paul Vixie
* Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
@@ -431,9 +431,9 @@ open_socket(void)
exit(EXIT_FAILURE);
}
bzero(&s_un, sizeof(s_un));
- if (snprintf(s_un.sun_path, sizeof(s_un.sun_path), "%s/%s",
- CRON_SPOOL, CRONSOCK) >= sizeof(s_un.sun_path)) {
- fprintf(stderr, "%s/%s: path too long\n", CRON_SPOOL, CRONSOCK);
+ if (strlcpy(s_un.sun_path, CRONSOCK, sizeof(s_un.sun_path))
+ >= sizeof(s_un.sun_path)) {
+ fprintf(stderr, "%s: path too long\n", CRONSOCK);
log_it("CRON", "DEATH", "path too long");
exit(EXIT_FAILURE);
}
@@ -463,6 +463,7 @@ open_socket(void)
exit(EXIT_FAILURE);
}
chmod(s_un.sun_path, 0660);
+ chown(s_un.sun_path, -1, getegid());
return(sock);
}
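Review bot: Both `chmod(s_un.sun_path, 0660)` and the added `chown(s_un.sun_path, -1, getegid())` are unchecked, and with the socket now in /var/run rather than inside the spool directory, the socket's own mode and group are presumably the only access control left on it. If the chown fails, the socket keeps its creation-time group: clients lose the ability to poke cron without any diagnostic, and that other group holds read/write through the 0660 bits. Check both results and log and exit as the earlier error paths in open_socket() do, and consider doing the chown before the chmod so the 0660 mode is never paired with the creation-time group. The commit message mentions fchown() while the code calls chown() on the path; the bind() call and any umask handling are outside this hunk.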
diff --git a/usr.sbin/cron/pathnames.h b/usr.sbin/cron/pathnames.h
index 736558c576a..99d3a7efec1 100644
--- a/usr.sbin/cron/pathnames.h
+++ b/usr.sbin/cron/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.20 2015/11/09 16:00:39 millert Exp $ */
+/* $OpenBSD: pathnames.h,v 1.21 2015/11/12 13:42:42 millert Exp $ */
/* Copyright 1993,1994 by Paul Vixie
* Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
@@ -50,9 +50,9 @@
/* CRONSOCK is the name of the socket used by at and
* crontab to poke cron to re-read the at and cron
* spool files while cron is asleep.
- * It lives in the spool directory.
*/
-#define CRONSOCK ".sock"
+#define CRONSOCK "/var/run/cron.sock"
+#define CRONSOCK_OLD CRON_SPOOL "/.sock"
/* cron allow/deny file. At least cron.deny must
* exist for ordinary users to run crontab.
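Review bot: The CRONSOCK comment loses "It lives in the spool directory." without a replacement, and the new `CRONSOCK_OLD` has no comment at all, so nothing here records that it is a temporary compatibility path. I would add a line to the existing comment such as `* It lives in /var/run and is group crontab, mode 0660.` and, above the second define, `/* CRONSOCK_OLD is the pre-move location; clients try it only when CRONSOCK does not exist. */`. A note on when the old path can be dropped would help whoever removes the fallback in client.c later.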