On 02-Aug-03, 23:36 (CDT), Matt Zimmerman <[EMAIL PROTECTED]> wrote: 
> So: open, fstat, stat, compare fstat.st_ino to stat.st_ino, check
> fstat.st_uid.  O_EXCL should also be used when writing to the directory.

That introduces a (possibly minor) race condition: if the user runs
crontab to replace their file between the open() and stat() calls,
this check will fail. Not a huge problem, because it will pick it up
correctly the next time cron runs. And better to have the check than
not, I agree.

For the record, the way crontab adds/replaces the user's file is to
first create a tmp file in the spool directory, check that it parses
correctly, and then rename() it to the user's name.

I'll take a look at the OpenBSD and Solar Designer implementations, and
see what they did.

> It should be noted somewhere that these protections do little good if the
> system allows users to give away their files (as with the recent XFS bug),
> and gid cron becomes equivalent to root again.

Nor do they do any good if root's password is empty. Not cron's problem.
(Insert standard homily about security and the chain's weakest link.)

Steve

-- 
Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net
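
Added example, not part of the original message and not code from cron or crontab: a C sketch of the open/fstat/stat check discussed above and of the tmp-file-plus-rename() replacement, showing that a replacement landing between open() and stat() is reported as a mismatch. The names tab_verify and tab_install and the enum values are hypothetical, and the parse check crontab performs before rename() is left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>      /* rename() */
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum tab_check { TAB_OK, TAB_STAT_FAILED, TAB_REPLACED, TAB_WRONG_OWNER };

/* Reader side (hypothetical helper): fd is already open on path. Compare the
 * inode behind the descriptor with the inode the name refers to now, then
 * check the owner of the file that was actually opened. */
enum tab_check tab_verify(int fd, const char *path, uid_t owner)
{
    struct stat by_fd, by_name;

    if (fstat(fd, &by_fd) != 0 || stat(path, &by_name) != 0)
        return TAB_STAT_FAILED;
    /* st_dev is compared as well, since inode numbers are only unique per
     * filesystem; this goes beyond the check as stated in the thread. */
    if (by_fd.st_ino != by_name.st_ino || by_fd.st_dev != by_name.st_dev)
        return TAB_REPLACED;    /* name re-pointed after open(); retry next run */
    if (by_fd.st_uid != owner)
        return TAB_WRONG_OWNER;
    return TAB_OK;
}

/* Writer side (hypothetical helper): create the temp file with O_EXCL, fill
 * it, then rename() it over the user's name. Returns 0 on success, -1 on
 * error. A real crontab would parse the temp file before the rename(). */
int tab_install(const char *tmp, const char *final, const char *text)
{
    size_t len = strlen(text);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ok;

    if (fd < 0)
        return -1;              /* tmp already exists or cannot be created */
    ok = write(fd, text, len) == (ssize_t)len;
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, final) != 0) {
        unlink(tmp);            /* do not leave a partial temp file behind */
        return -1;
    }
    return 0;
}
```

A TAB_REPLACED result corresponds to the case described above where the check fails once and the file is picked up correctly on the next run.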

