Subject: Bug in at/atq/atrm/batch (NetBSD 1.0)
To: None <firstname.lastname@example.org>
From: Jukka Marin <email@example.com>
Date: 12/17/1994 19:06:22
I am running NetBSD 1.0 on Amiga 3000 (m68k port). I noticed that atq(1)
and atrm(1) let any user examine and remove any jobs in the at queue.
I examined the source code (at.c) and noticed that the REDUCE_PRIV macro
sets the real_uid variable to zero which makes atq and atrm think they
were run as root, which gives root privileges to all users, when it comes
to manipulating the at queue.
I temporarily fixed the problem by replacing the calls to REDUCE_PRIV with
calls to PRIV_START and PRIV_END (around the delete_jobs() and list_jobs()
I think the problem has been there for a long time, I saw it with either
NetBSD 0.9 or some 1.0beta release. I just thought I was doing something
wrong, but it appears to be a real bug. ;-)
Please e-mail any comments to me, I'm not on this maling list (yet?).
| Mail: Jukka Marin | E-Mail: firstname.lastname@example.org |
| Metsurintie 17 B 8 | FAX/voice: +358 71 283 2793 |
| 70150 Kuopio | There's God above computers - |
| FINLAND | Love beyond the hate |
\ If a train station is where the train stops, what is a workstation? /