|
|
8dcad9b |
--- at-3.1.10/at.c.perm 2007-07-04 09:43:19.000000000 +0200
|
|
|
8dcad9b |
+++ at-3.1.10/at.c 2007-07-04 10:04:47.000000000 +0200
|
|
|
8dcad9b |
@@ -314,26 +314,19 @@
|
|
|
a381a9c |
* bit. Yes, this is a kluge.
|
|
|
a381a9c |
*/
|
|
|
a381a9c |
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
|
|
|
a381a9c |
- seteuid(real_uid);
|
|
|
8dcad9b |
+ seteuid(effective_uid);
|
|
|
a381a9c |
if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1)
|
|
|
a381a9c |
perr("Cannot create atjob file %.500s", atfile);
|
|
|
a381a9c |
- seteuid(effective_uid);
|
|
|
a381a9c |
+ //seteuid(effective_uid);
|
|
|
a381a9c |
|
|
|
a381a9c |
if ((fd2 = dup(fd)) < 0)
|
|
|
a381a9c |
perr("Error in dup() of job file");
|
|
|
8dcad9b |
|
|
|
8dcad9b |
- /*
|
|
|
8dcad9b |
if (fchown(fd2, real_uid, real_gid) != 0)
|
|
|
8dcad9b |
- perr("Cannot give away file");
|
|
|
8dcad9b |
- */
|
|
|
8dcad9b |
+ perr("Cannot give real_uid and real_gid the file");
|
|
|
8dcad9b |
|
|
|
8dcad9b |
PRIV_END
|
|
|
8dcad9b |
|
|
|
8dcad9b |
- /* We no longer need suid root; now we just need to be able to write
|
|
|
8dcad9b |
- * to the directory, if necessary.
|
|
|
8dcad9b |
- */
|
|
|
8dcad9b |
-
|
|
|
8dcad9b |
- REDUCE_PRIV(daemon_uid, daemon_gid)
|
|
|
8dcad9b |
/* We've successfully created the file; let's set the flag so it
|
|
|
8dcad9b |
* gets removed in case of an interrupt or error.
|
|
|
8dcad9b |
*/
|
|
|
8dcad9b |
@@ -491,7 +484,7 @@
|
|
|
8dcad9b |
*/
|
|
|
8dcad9b |
|
|
|
8dcad9b |
if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0)
|
|
|
8dcad9b |
- perr("Cannot give away file");
|
|
|
8dcad9b |
+ perr("Cannot change the mode of the file");
|
|
|
8dcad9b |
|
|
|
8dcad9b |
close(fd2);
|
|
|
8dcad9b |
|
|
|
8dcad9b |
@@ -656,7 +649,7 @@
|
|
|
8dcad9b |
We need the unprivileged uid here since the file is owned by the real
|
|
|
8dcad9b |
(not effective) uid.
|
|
|
8dcad9b |
*/
|
|
|
8dcad9b |
- setregid(real_gid, effective_gid);
|
|
|
8dcad9b |
+ PRIV_START
|
|
|
8dcad9b |
|
|
|
8dcad9b |
if (queue == '=') {
|
|
|
8dcad9b |
fprintf(stderr, "Warning: deleting running job\n");
|
|
|
8dcad9b |
@@ -665,8 +658,8 @@
|
|
|
8dcad9b |
perr("Cannot unlink %.500s", dirent->d_name);
|
|
|
8dcad9b |
rc = EXIT_FAILURE;
|
|
|
8dcad9b |
}
|
|
|
8dcad9b |
+ PRIV_END
|
|
|
8dcad9b |
|
|
|
8dcad9b |
- setregid(effective_gid, real_gid);
|
|
|
8dcad9b |
done = 1;
|
|
|
8dcad9b |
|
|
|
8dcad9b |
break;
|
|
|
8dcad9b |
@@ -676,7 +669,7 @@
|
|
|
8dcad9b |
FILE *fp;
|
|
|
8dcad9b |
int ch;
|
|
|
8dcad9b |
|
|
|
8dcad9b |
- setregid(real_gid, effective_gid);
|
|
|
8dcad9b |
+ PRIV_START
|
|
|
8dcad9b |
fp = fopen(dirent->d_name, "r");
|
|
|
8dcad9b |
|
|
|
8dcad9b |
if (fp) {
|
|
|
8dcad9b |
@@ -689,7 +682,7 @@
|
|
|
8dcad9b |
perr("Cannot open %.500s", dirent->d_name);
|
|
|
8dcad9b |
rc = EXIT_FAILURE;
|
|
|
8dcad9b |
}
|
|
|
8dcad9b |
- setregid(effective_gid, real_gid);
|
|
|
8dcad9b |
+ PRIV_END
|
|
|
8dcad9b |
}
|
|
|
8dcad9b |
break;
|
|
|
8dcad9b |
|