current-users: at bugs

Subject: at bugs
To: None <current-users@netbsd.org>
From: Timothy Newsham <newsham@wiliki.eng.hawaii.edu>
List: current-users
Date: 12/17/1994 09:59:42
Hi,

  The "at" program has some bugs as was pointed out by N. Hallqvist and
J. Marrin (sorry if I mispelled).  The fixes posted by J. Marrin cover
the two bugs he found but I think the whole file should be scrutinized.
There is at least one more error.  It seems the author used his macros
incorrectly:

        /*
         * We no longer need suid root; now we just need to be able to
         * write to the directory, if necessary.
         */

            REDUCE_PRIV(0);

if you look in the privs.h file:

#define REDUCE_PRIV(a) { \
        seteuid(effective_uid); \
        real_uid = effective_uid = (a); \
        setuid(real_uid); \
}


The macro does the opposite of what his comments say it should do.
What he probably wanted to do is:

	REDUCE_PRIV(real_uid);

All three occurances of the REDUCE_PRIV macro should be removed from
the file.  The first should be changed as above and the other two
can be completely removed.  The routines that handle "atq" and
"atrm" already enable and disable priveledges correctly and the
REDUCE_PRIV(0) that was added before calling them is completely
unnecessary.

                                 Tim N.


here's the patch I made to my system:
---------

*** /tmp/at/at.c	Thu Dec 16 21:04:46 1993
--- at.c	Sat Dec 17 09:59:58 1994
***************
*** 244,254 ****
  	/*
  	 * We no longer need suid root; now we just need to be able to
  	 * write to the directory, if necessary.
  	 */
  
! 	    REDUCE_PRIV(0);
  
  	/*
  	 * We've successfully created the file; let's set the flag so it
  	 * gets removed in case of an interrupt or error.
  	 */
--- 244,254 ----
  	/*
  	 * We no longer need suid root; now we just need to be able to
  	 * write to the directory, if necessary.
  	 */
  
! 	    REDUCE_PRIV(real_uid);
  
  	/*
  	 * We've successfully created the file; let's set the flag so it
  	 * gets removed in case of an interrupt or error.
  	 */
***************
*** 471,480 ****
--- 471,481 ----
  	char *options = "q:f:mv";	/* default options for at */
  	time_t timer;
  
  	RELINQUISH_PRIVS
  
+ 
  	/* Eat any leading paths */
  	if ((pgm = strrchr(argv[0], '/')) == NULL)
  		pgm = argv[0];
  	else
  		pgm++;
***************
*** 525,544 ****
  	/* end of options eating */
  
  	/* select our program */
  	switch (program) {
  	case ATQ:
- 
- 		REDUCE_PRIV(0);
- 
  		list_jobs();
  		break;
  
  	case ATRM:
- 
- 		REDUCE_PRIV(0);
- 
  		delete_jobs(argc, argv);
  		break;
  
  	case AT:
  		timer = parsetime(argc, argv);
--- 526,539 ----