Date: Tue, 11 Apr 1995 10:00:48 -0500 (CDT) From: Mike Pritchard <pritc003@maroon.tc.umn.edu> To: freebsd-hackers@FreeBSD.org Subject: atrun fix Message-ID: <199504111500.KAA01076@mpp.com>
Here is a fix for the atrun security hole. When sending mail, atrun will switch ids to that of the user running the at job. This will prevent the user from spoofing sendmail any more than they could from a login shell. I also fixed it so that it correctly sets up the users groups before running the at job or sending mail to the user. It also now requires that the user be present in the password file before allowing the job to execute. One other functional change is that mail will no longer be sent to "root" if atrun can't figure out who to send mail to. This is a side effect of requiring that the user be present in the password file. -Mike *** orig/atrun.c Tue Apr 11 08:29:43 1995 --- ./atrun.c Tue Apr 11 09:47:51 1995 *************** *** 74,83 **** } static void ! run_file(filename, uid, gid) const char *filename; uid_t uid; - gid_t gid; { /* * Run a file by by spawning off a process which redirects I/O, --- 74,82 ---- } static void ! run_file(filename, uid) const char *filename; uid_t uid; { /* * Run a file by by spawning off a process which redirects I/O, *************** *** 125,138 **** fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); if (fscanf(stream, "#! /bin/sh\n# mail %8s %d", mailbuf, &send_mail) == 2) { mailname = mailbuf; } else { ! pentry = getpwuid(uid); ! if (pentry == NULL) ! mailname = "root"; ! else ! mailname = pentry->pw_name; } fclose(stream); if (chdir(_PATH_ATSPOOL) < 0) --- 124,135 ---- fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); + if ((pentry = getpwuid(uid)) == NULL) + perr("Unable to determine login name for job"); if (fscanf(stream, "#! /bin/sh\n# mail %8s %d", mailbuf, &send_mail) == 2) { mailname = mailbuf; } else { ! mailname = pentry->pw_name; } fclose(stream); if (chdir(_PATH_ATSPOOL) < 0) *************** *** 193,199 **** if (queue > 'b') nice(queue - 'b'); ! if (setgid(gid) < 0) perr("Cannot change group"); if (setuid(uid) < 0) --- 190,198 ---- if (queue > 'b') nice(queue - 'b'); ! 
if (initgroups(pentry->pw_name, pentry->pw_gid) < 0) ! perr("Cannot initialize group list"); ! if (setgid(pentry->pw_gid) < 0) perr("Cannot change group"); if (setuid(uid) < 0) *************** *** 221,229 **** --- 220,238 ---- if (open(filename, O_RDONLY) != STDIN_FILENO) perr("Cannot reopen output file"); + PRIV_START + + if (initgroups(pentry->pw_name, pentry->pw_gid) < 0) + perr("Cannot initialize group list"); + if (setgid(pentry->pw_gid) < 0) + perr("Cannot change group"); + if (setuid(uid) < 0) + perr("Cannot set user id"); execl(_PATH_SENDMAIL, _PATH_SENDMAIL, mailname, (char *) NULL); perr("Exec failed"); + + PRIV_END } waitpid(pid, (int *) NULL, 0); } *************** *** 315,321 **** PRIV_END ! run_file(dirent->d_name, buf.st_uid, buf.st_gid); } /* Delete older files */ if (older && !(S_IXUSR & buf.st_mode) && --- 324,330 ---- PRIV_END ! run_file(dirent->d_name, buf.st_uid); } /* Delete older files */ if (older && !(S_IXUSR & buf.st_mode) &&
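Review bot: The three-call privilege drop in the job child (new lines 190-198) is repeated verbatim in the sendmail child in the hunk at new lines 220-238, so the required order of `initgroups()`, then `setgid()`, then `setuid()` now has to be kept correct in two places. A small `static` helper taking `pentry` and `uid`, called from both children, would keep it in one. Both call sites also dereference `pentry` well after the `getpwuid()` call in the hunk at new lines 124-135. That pointer refers to storage the library may reuse, so if any other passwd lookup can run in between (not visible here), copying `pw_name` and `pw_gid` right after the lookup would be safer. The enclosing function starts and ends outside these hunks.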
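Review bot: `mailname` still reaches `execl(_PATH_SENDMAIL, _PATH_SENDMAIL, mailname, (char *) NULL)` unchecked when it comes from the `# mail` header of the job file rather than from the password entry. Dropping to the job owner first limits what a crafted value can do, but a name starting with `-` would be read by sendmail as an option rather than a recipient; a guard such as `if (mailname[0] == '-') mailname = pentry->pw_name;` before the exec would close that. Separately, the `PRIV_END` after `perr("Exec failed")` looks unreachable if `perr()` does not return (its definition is outside the hunk). By that point the process has already given up root through `setuid(uid)`, so the pairing with `PRIV_START` is misleading; a comment such as `/* not reached: privileges are dropped for good above */` would make that explicit.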