- 568222 interrupted 'at' job creates empty job for non-root

Marcela Mašláňová 2010-03-15 09:05:33 +00:00
parent 40fa1a06f1
commit 7d7d3d5dcd
3 changed files with 49 additions and 20 deletions


@ -1,17 +1,19 @@
diff -up at-3.1.12/at.c.nowrap at-3.1.12/at.c diff -up at-3.1.12/at.c.nowrap at-3.1.12/at.c
--- at-3.1.12/at.c.nowrap 2010-02-12 12:48:23.000000000 +0100 --- at-3.1.12/at.c.nowrap 2010-02-18 14:39:50.125518422 +0100
+++ at-3.1.12/at.c 2010-02-12 12:51:18.781921727 +0100 +++ at-3.1.12/at.c 2010-02-22 13:20:03.817150406 +0100
@@ -308,9 +308,12 @@ writefile(time_t runtimer, char queue) @@ -308,10 +308,13 @@ writefile(time_t runtimer, char queue)
if (*ap == ' ') if (*ap == ' ')
*ap = '0'; *ap = '0';
- if (stat(atfile, &statbuf) != 0) - if (stat(atfile, &statbuf) != 0)
+ if (stat(atfile, &statbuf) != 0) { + /*if (stat(atfile, &statbuf) != 0) {
if (errno != ENOENT) if (errno != ENOENT)
perr("Cannot access " ATJOB_DIR); perr("Cannot access " ATJOB_DIR);
-
+ } else { + } else {
+ perr("atjob file already exists; bailing"); + perr("atjob file already exists; bailing");
+ } + }
+ */
/* Create the file. The x bit is only going to be set after it has /* Create the file. The x bit is only going to be set after it has
* been completely written out, to make sure it is not executed in the * been completely written out, to make sure it is not executed in the
* meantime. To make sure they do not get deleted, turn off their r
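Review bot: The new side of this patch wraps the whole `stat(atfile, &statbuf)` block in `/* ... */` instead of removing it, so at.c carries dead code and writefile() no longer bails out when the atjob file already exists. The spec changelog on this page describes the 3.1.12-3 change as "prevent arbitrary destruction of at jobs", which appears to be what this check was introduced for, so disabling it should be justified in the patch itself. The file creation further down in writefile() is outside this hunk; if it is already an exclusive create, delete the block and leave one line such as `/* an already existing atjob file is rejected by the exclusive create below */`. If it is not, some form of the check has to stay, and it belongs in the create call rather than in a separate stat(), because a stat-then-create sequence leaves a window between the check and the create.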


@ -1,7 +1,28 @@
diff -up at-3.1.12/at.c.pam at-3.1.12/at.c diff -up at-3.1.12/at.c.pam at-3.1.12/at.c
--- at-3.1.12/at.c.pam 2009-12-03 10:34:52.714284767 +0100 --- at-3.1.12/at.c.pam 2010-03-15 09:57:27.043438000 +0100
+++ at-3.1.12/at.c 2009-12-03 10:36:38.736257590 +0100 +++ at-3.1.12/at.c 2010-03-15 09:58:12.426689166 +0100
@@ -318,26 +318,19 @@ writefile(time_t runtimer, char queue) @@ -141,18 +141,13 @@ sigc(int signo)
/* If the user presses ^C, remove the spool file and exit
*/
if (fcreated) {
- /*
PRIV_START
-
+ /*
We need the unprivileged uid here since the file is owned by the real
(not effective) uid.
*/
- setregid(real_gid, effective_gid);
- unlink(atfile);
- setregid(effective_gid, real_gid);
- /*
+ unlink(atfile);
PRIV_END
- */
}
exit(EXIT_FAILURE);
}
@@ -318,26 +313,19 @@ writefile(time_t runtimer, char queue)
* bit. Yes, this is a kluge. * bit. Yes, this is a kluge.
*/ */
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
@ -31,7 +52,7 @@ diff -up at-3.1.12/at.c.pam at-3.1.12/at.c
/* We've successfully created the file; let's set the flag so it /* We've successfully created the file; let's set the flag so it
* gets removed in case of an interrupt or error. * gets removed in case of an interrupt or error.
*/ */
@@ -661,7 +654,7 @@ process_jobs(int argc, char **argv, int @@ -661,7 +649,7 @@ process_jobs(int argc, char **argv, int
We need the unprivileged uid here since the file is owned by the real We need the unprivileged uid here since the file is owned by the real
(not effective) uid. (not effective) uid.
*/ */
@ -40,7 +61,7 @@ diff -up at-3.1.12/at.c.pam at-3.1.12/at.c
if (queue == '=') { if (queue == '=') {
fprintf(stderr, "Warning: deleting running job\n"); fprintf(stderr, "Warning: deleting running job\n");
@@ -670,8 +663,8 @@ process_jobs(int argc, char **argv, int @@ -670,8 +658,8 @@ process_jobs(int argc, char **argv, int
perr("Cannot unlink %.500s", dirent->d_name); perr("Cannot unlink %.500s", dirent->d_name);
rc = EXIT_FAILURE; rc = EXIT_FAILURE;
} }
@ -50,7 +71,7 @@ diff -up at-3.1.12/at.c.pam at-3.1.12/at.c
done = 1; done = 1;
break; break;
@@ -681,7 +674,7 @@ process_jobs(int argc, char **argv, int @@ -681,7 +669,7 @@ process_jobs(int argc, char **argv, int
FILE *fp; FILE *fp;
int ch; int ch;
@ -59,7 +80,7 @@ diff -up at-3.1.12/at.c.pam at-3.1.12/at.c
fp = fopen(dirent->d_name, "r"); fp = fopen(dirent->d_name, "r");
if (fp) { if (fp) {
@@ -694,7 +687,7 @@ process_jobs(int argc, char **argv, int @@ -694,7 +682,7 @@ process_jobs(int argc, char **argv, int
perr("Cannot open %.500s", dirent->d_name); perr("Cannot open %.500s", dirent->d_name);
rc = EXIT_FAILURE; rc = EXIT_FAILURE;
} }
@ -69,8 +90,8 @@ diff -up at-3.1.12/at.c.pam at-3.1.12/at.c
break; break;
diff -up at-3.1.12/atd.c.pam at-3.1.12/atd.c diff -up at-3.1.12/atd.c.pam at-3.1.12/atd.c
--- at-3.1.12/atd.c.pam 2009-12-03 10:36:45.265284508 +0100 --- at-3.1.12/atd.c.pam 2010-03-15 09:57:27.047513895 +0100
+++ at-3.1.12/atd.c 2009-12-03 10:38:52.276261175 +0100 +++ at-3.1.12/atd.c 2010-03-15 09:57:27.053437466 +0100
@@ -111,7 +111,7 @@ static int run_as_daemon = 0; @@ -111,7 +111,7 @@ static int run_as_daemon = 0;
static volatile sig_atomic_t term_signal = 0; static volatile sig_atomic_t term_signal = 0;
@ -231,7 +252,7 @@ diff -up at-3.1.12/atd.c.pam at-3.1.12/atd.c
diff -up at-3.1.12/config.h.in.pam at-3.1.12/config.h.in diff -up at-3.1.12/config.h.in.pam at-3.1.12/config.h.in
--- at-3.1.12/config.h.in.pam 2009-11-23 16:11:52.000000000 +0100 --- at-3.1.12/config.h.in.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/config.h.in 2009-12-03 10:34:36.373265254 +0100 +++ at-3.1.12/config.h.in 2010-03-15 09:57:27.054437183 +0100
@@ -68,8 +68,8 @@ @@ -68,8 +68,8 @@
/* Define to 1 if you have the <nlist.h> header file. */ /* Define to 1 if you have the <nlist.h> header file. */
#undef HAVE_NLIST_H #undef HAVE_NLIST_H
@ -245,7 +266,7 @@ diff -up at-3.1.12/config.h.in.pam at-3.1.12/config.h.in
#undef HAVE_PSTAT_GETDYNAMIC #undef HAVE_PSTAT_GETDYNAMIC
diff -up at-3.1.12/configure.ac.pam at-3.1.12/configure.ac diff -up at-3.1.12/configure.ac.pam at-3.1.12/configure.ac
--- at-3.1.12/configure.ac.pam 2009-11-23 16:11:52.000000000 +0100 --- at-3.1.12/configure.ac.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/configure.ac 2009-12-03 10:34:36.373265254 +0100 +++ at-3.1.12/configure.ac 2010-03-15 09:57:27.055443883 +0100
@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG @@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG
AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
AC_CHECK_HEADERS(security/pam_appl.h, [ AC_CHECK_HEADERS(security/pam_appl.h, [
@ -271,7 +292,7 @@ diff -up at-3.1.12/configure.ac.pam at-3.1.12/configure.ac
[ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
diff -up at-3.1.12/perm.c.pam at-3.1.12/perm.c diff -up at-3.1.12/perm.c.pam at-3.1.12/perm.c
--- at-3.1.12/perm.c.pam 2009-11-23 16:11:52.000000000 +0100 --- at-3.1.12/perm.c.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/perm.c 2009-12-03 10:34:36.373265254 +0100 +++ at-3.1.12/perm.c 2010-03-15 09:57:27.055443883 +0100
@@ -51,6 +51,14 @@ @@ -51,6 +51,14 @@
#define PRIV_END while(0) #define PRIV_END while(0)
#endif #endif
@ -344,7 +365,7 @@ diff -up at-3.1.12/perm.c.pam at-3.1.12/perm.c
return allow; return allow;
diff -up at-3.1.12/privs.h.pam at-3.1.12/privs.h diff -up at-3.1.12/privs.h.pam at-3.1.12/privs.h
--- at-3.1.12/privs.h.pam 2009-11-23 16:11:52.000000000 +0100 --- at-3.1.12/privs.h.pam 2009-11-23 16:11:52.000000000 +0100
+++ at-3.1.12/privs.h 2009-12-03 10:34:36.374266484 +0100 +++ at-3.1.12/privs.h 2010-03-15 09:57:27.060442603 +0100
@@ -144,3 +144,61 @@ extern gid_t real_gid, effective_gid, da @@ -144,3 +144,61 @@ extern gid_t real_gid, effective_gid, da
#error "Cannot implement user ID swapping without setreuid or setresuid" #error "Cannot implement user ID swapping without setreuid or setresuid"
#endif #endif
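Review bot: In the added `sigc()` hunk (`@@ -141,18 +141,13 @@`), the retained comment still says the unprivileged uid is needed because the spool file is owned by the real uid, yet `unlink(atfile)` now sits between `PRIV_START` and `PRIV_END`, which presumably means it runs with privileges raised. The comment should describe what the code does now and why the earlier `setregid()` swap was not sufficient, for example `/* Remove the spool file with privileges raised: <reason the real gid could not unlink it> */`. Because this is a signal handler, it is also worth confirming that whatever `PRIV_START`/`PRIV_END` expand to (privs.h, only partly visible here) is limited to async-signal-safe calls. The beginning of `sigc()` lies outside the hunk.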

10
at.spec

@ -6,7 +6,7 @@
Summary: Job spooling tools Summary: Job spooling tools
Name: at Name: at
Version: %{major_ver} Version: %{major_ver}
Release: 3%{dist} Release: 5%{dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://ftp.debian.org/debian/pool/main/a/at URL: http://ftp.debian.org/debian/pool/main/a/at
@ -163,7 +163,13 @@ fi
%attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56atd %attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56atd
%changelog %changelog
* Fri Feb 12 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.10-41 * Mon Mar 15 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-5
- 568222 interrupted 'at' job creates empty job for non-root
* Mon Mar 1 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-4
- 568779 atd is alway runnig after suspend/resume
* Fri Feb 12 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-3
- prevent arbitrary destruction of at jobs (based on 564243) - prevent arbitrary destruction of at jobs (based on 564243)
* Mon Jan 18 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-2 * Mon Jan 18 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-2