diff options
Diffstat (limited to 'usr.sbin/cron')
-rw-r--r-- | usr.sbin/cron/client.c | 20 | ||||
-rw-r--r-- | usr.sbin/cron/common.c | 3 | ||||
-rw-r--r-- | usr.sbin/cron/cron.c | 9 | ||||
-rw-r--r-- | usr.sbin/cron/pathnames.h | 6 |
4 files changed, 23 insertions, 15 deletions
diff --git a/usr.sbin/cron/client.c b/usr.sbin/cron/client.c index 1786af35dc2..4ef6a2f4c9e 100644 --- a/usr.sbin/cron/client.c +++ b/usr.sbin/cron/client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: client.c,v 1.6 2015/11/11 17:05:23 millert Exp $ */ +/* $OpenBSD: client.c,v 1.7 2015/11/12 13:42:42 millert Exp $ */ /* Copyright 1988,1990,1993,1994 by Paul Vixie * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") @@ -19,9 +19,12 @@ #include <sys/types.h> #include <sys/socket.h> +#include <sys/stat.h> #include <sys/un.h> #include <bitstring.h> /* for structs.h */ +#include <err.h> +#include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -92,13 +95,17 @@ void poke_daemon(const char *spool_dir, unsigned char cookie) { int sock = -1; + const char *cronsock = CRONSOCK; + struct stat sb; struct sockaddr_un s_un; + if (stat(cronsock, &sb) != 0) + cronsock = CRONSOCK_OLD; /* backwards compatibility */ + bzero(&s_un, sizeof(s_un)); - if (snprintf(s_un.sun_path, sizeof s_un.sun_path, "%s/%s", - CRON_SPOOL, CRONSOCK) >= sizeof(s_un.sun_path)) { - fprintf(stderr, "%s: %s/%s: path too long\n", - __progname, CRON_SPOOL, CRONSOCK); + if (strlcpy(s_un.sun_path, cronsock, sizeof(s_un.sun_path)) >= + sizeof(s_un.sun_path)) { + warnc(ENAMETOOLONG, "%s", cronsock); return; } s_un.sun_family = AF_UNIX; @@ -106,8 +113,7 @@ poke_daemon(const char *spool_dir, unsigned char cookie) connect(sock, (struct sockaddr *)&s_un, sizeof(s_un)) == 0) send(sock, &cookie, 1, MSG_NOSIGNAL); else - fprintf(stderr, "%s: warning, cron does not appear to be " - "running.\n", __progname); + warnx("warning, cron does not appear to be running"); if (sock >= 0) close(sock); } diff --git a/usr.sbin/cron/common.c b/usr.sbin/cron/common.c index a5869e87cce..381d309a660 100644 --- a/usr.sbin/cron/common.c +++ b/usr.sbin/cron/common.c @@ -1,4 +1,4 @@ -/* $OpenBSD: common.c,v 1.4 2015/11/11 17:02:22 millert Exp $ */ +/* $OpenBSD: common.c,v 1.5 2015/11/12 13:42:42 millert Exp $ */ /* Copyright 1988,1990,1993,1994 by Paul Vixie * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") @@ -112,6 +112,7 @@ set_cron_cwd(void) exit(EXIT_FAILURE); } if (grp != NULL) { + setegid(grp->gr_gid); if (sb.st_gid != grp->gr_gid) chown(AT_SPOOL, -1, grp->gr_gid); if ((sb.st_mode & ALLPERMS) != 01770) diff --git a/usr.sbin/cron/cron.c b/usr.sbin/cron/cron.c index 2d35c85aa1b..00e80f722bc 100644 --- a/usr.sbin/cron/cron.c +++ b/usr.sbin/cron/cron.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cron.c,v 1.68 2015/11/11 17:19:22 millert Exp $ */ +/* $OpenBSD: cron.c,v 1.69 2015/11/12 13:42:42 millert Exp $ */ /* Copyright 1988,1990,1993,1994 by Paul Vixie * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") @@ -431,9 +431,9 @@ open_socket(void) exit(EXIT_FAILURE); } bzero(&s_un, sizeof(s_un)); - if (snprintf(s_un.sun_path, sizeof(s_un.sun_path), "%s/%s", - CRON_SPOOL, CRONSOCK) >= sizeof(s_un.sun_path)) { - fprintf(stderr, "%s/%s: path too long\n", CRON_SPOOL, CRONSOCK); + if (strlcpy(s_un.sun_path, CRONSOCK, sizeof(s_un.sun_path)) + >= sizeof(s_un.sun_path)) { + fprintf(stderr, "%s: path too long\n", CRONSOCK); log_it("CRON", "DEATH", "path too long"); exit(EXIT_FAILURE); } @@ -463,6 +463,7 @@ open_socket(void) exit(EXIT_FAILURE); } chmod(s_un.sun_path, 0660); + chown(s_un.sun_path, -1, getegid()); return(sock); } diff --git a/usr.sbin/cron/pathnames.h b/usr.sbin/cron/pathnames.h index 736558c576a..99d3a7efec1 100644 --- a/usr.sbin/cron/pathnames.h +++ b/usr.sbin/cron/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.20 2015/11/09 16:00:39 millert Exp $ */ +/* $OpenBSD: pathnames.h,v 1.21 2015/11/12 13:42:42 millert Exp $ */ /* Copyright 1993,1994 by Paul Vixie * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") @@ -50,9 +50,9 @@ /* CRONSOCK is the name of the socket used by at and * crontab to poke cron to re-read the at and cron * spool files while cron is asleep. - * It lives in the spool directory. */ -#define CRONSOCK ".sock" +#define CRONSOCK "/var/run/cron.sock" +#define CRONSOCK_OLD CRON_SPOOL "/.sock" /* cron allow/deny file. At least cron.deny must * exist for ordinary users to run crontab. |