NetBSD-Bugs archive


bin/47362: cron is too restrictive on file permissions



>Number:         47362
>Category:       bin
>Synopsis:       cron is too restrictive on file permissions
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Dec 24 17:10:00 +0000 2012
>Originator:     Brian Marcotte
>Release:        NetBSD 6.0
>Organization:
        Public Access Networks, Corp.
>Environment:
System: NetBSD k1.nyc.access.net 6.0 NetBSD 6.0 (PANIX-XEN-STD) #0: Sun Oct 14 15:57:33 EDT 2012 root%juggler.panix.com@localhost:/misc/obj/misc/devel/netbsd/6.0/src/sys/arch/i386/compile/PANIX-XEN-STD i386
Architecture: i386
Machine: i386
>Description:
We were getting these in the syslogs when we upgraded to NetBSD 6:

        (root) BAD FILE MODE (tabs/root)

The file is read-only because it is in RCS:

        -r--------  1 root  wheel  961 Mar 13  2012 /var/cron/tabs/root

I don't believe it's a security problem for the file to be read-only by
root. Cron should allow this mode.

>How-To-Repeat:
        
>Fix:
In src/external/bsd/cron/dist/database.c, process_crontab():

I'm not sure why "eqmode" is needed at all. It seems to me that just
setting "badmode" to 077 is enough (which may get changed to 022 if
fname is NULL).
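
Added example, not part of the original report and not the code from database.c: a comparison of an exact-match mode check with the forbidden-bits masks (077 and 022) that the report mentions, run over constructed sample modes. The policy names, the function mode_ok() and the exact value 0600 for the strict check are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical policy names for this example; not identifiers from cron. */
enum policy {
    EXACT_0600,  /* assumed strict check: permission bits must equal 0600 */
    MASK_077,    /* the report's proposal: no group/other bits at all */
    MASK_022     /* the looser mask the report says applies when fname is NULL */
};

/* Return 1 if permission bits `m` pass policy `p`, else 0. */
static int mode_ok(mode_t m, enum policy p)
{
    m &= 07777;                       /* drop file-type bits from st_mode */
    switch (p) {
    case EXACT_0600:
        return m == 0600;             /* rejects 0400 although it is stricter */
    case MASK_077:
        return (m & 0077) == 0;       /* owner bits are free, nobody else gets access */
    case MASK_022:
        return (m & 0022) == 0;       /* only group/other write is refused */
    }
    return 0;
}

/* Constructed sample modes, not taken from a real system. */
static const mode_t samples[] = {
    0400,   /* read-only by owner, the case in the report */
    0600,   /* read/write by owner */
    0640,   /* group-readable */
    0644,   /* world-readable */
    0622    /* group- and world-writable */
};

int main(void)
{
    printf("mode  exact  077  022\n");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        mode_t m = samples[i];
        printf("%04o  %d      %d    %d\n", (unsigned)m,
               mode_ok(m, EXACT_0600), mode_ok(m, MASK_077), mode_ok(m, MASK_022));
    }
    return 0;
}
```

The mask check accepts both 0400 and 0600 while still refusing any mode that grants group or other access, which is the behaviour the report asks for.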


