rpms/vixie-cron/devel vixie-cron-4.1-_42-getseuserbyname.patch, NONE, 1.1 vixie-cron-4.1-_43-config_comments.patch, NONE, 1.1 vixie-cron-4.1-_44-build_env.patch, NONE, 1.1 vixie-cron-4.1-_45-warnings.patch, NONE, 1.1 vixie-cron-4.1-loginuid.patch, 1.3, 1.4 vixie-cron.spec, 1.56, 1.57
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Oct 18 19:09:42 UTC 2005
Author: jvdias
Update of /cvs/dist/rpms/vixie-cron/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv4023
Modified Files:
vixie-cron-4.1-loginuid.patch vixie-cron.spec
Added Files:
vixie-cron-4.1-_42-getseuserbyname.patch
vixie-cron-4.1-_43-config_comments.patch
vixie-cron-4.1-_44-build_env.patch
vixie-cron-4.1-_45-warnings.patch
Log Message:
- fix bug 170830: it was not the pam_stack change - the setuid
mode of crontab was dropped for some reason.
- somehow build_env() invocation was dropped - use pam_env settings.
vixie-cron-4.1-_42-getseuserbyname.patch:
user.c | 25 ++++++++++++++++++-------
1 files changed, 18 insertions(+), 7 deletions(-)
--- NEW FILE vixie-cron-4.1-_42-getseuserbyname.patch ---
--- vixie-cron-4.1/user.c~ 2005-10-14 14:55:17.000000000 -0400
+++ vixie-cron-4.1/user.c 2005-10-14 15:15:07.000000000 -0400
@@ -44,15 +44,26 @@
security_context_t file_context=NULL;
struct av_decision avd;
int retval=0;
+ char *seuser=NULL;
+ char *level=NULL;
*rcontext = NULL;
- if (get_default_context(name, NULL, &scontext)) {
- if (security_getenforce() > 0) {
- log_it(name, getpid(), "No SELinux security context",tabname);
- return -1;
- } else {
- log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
- return 0;
+
+ if (getseuserbyname(name, &seuser, &level) == 0) {
+ retval=get_default_context_with_level(seuser, level, NULL, &scontext);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce() > 0) {
+ log_it(name, getpid(), "No SELinux security context",tabname);
+ return -1;
+ } else {
+ log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
+ return 0;
+ }
}
+ } else {
+ log_it(name, getpid(), "getseusername FAILED", name);
+ return (security_getenforce() > 0);
}
if (fgetfilecon(crontab_fd, &file_context) < OK) {
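Review bot: The new `else` branch returns `(security_getenforce() > 0)`, which is 1 in enforcing mode, while the context-lookup failure path just above returns -1 for the same condition; a caller that tests for a negative result would treat a failed getseuserbyname() as success and carry on without a context. The caller is outside this hunk, so confirm which convention it uses, or make the branch consistent with `return (security_getenforce() > 0) ? -1 : 0;`. security_getenforce() itself returns -1 on error, and both branches treat that as permissive. The log text says `getseusername` although the function called is `getseuserbyname`, and it passes `name` as the detail where the sibling messages pass `tabname`.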
vixie-cron-4.1-_43-config_comments.patch:
config.h | 20 ++++++++++----------
1 files changed, 10 insertions(+), 10 deletions(-)
--- NEW FILE vixie-cron-4.1-_43-config_comments.patch ---
--- vixie-cron-4.1/config.h.config_comments 2005-10-18 13:35:03.099232000 -0400
+++ vixie-cron-4.1/config.h 2005-10-18 13:38:45.465643000 -0400
@@ -51,15 +51,15 @@
*/
#define MAILARG _PATH_SENDMAIL /*-*/
-/* #define MAILFMT "%s -d %s" /*-*/
+/* #define MAILFMT "%s -d %s" -*/
/* -d = undocumented but common flag: deliver locally?
*/
-/* #define MAILARG "/bin/mail",mailto /*-*/
+/* #define MAILARG "/bin/mail",mailto -*/
-/* #define MAILFMT "%s -mlrxto %s" /*-*/
-/* #define MAILARG "/usr/mmdf/bin/submit",mailto /*-*/
+/* #define MAILFMT "%s -mlrxto %s" -*/
+/* #define MAILARG "/usr/mmdf/bin/submit",mailto -*/
-/* #define MAIL_DATE /*-*/
+/* #define MAIL_DATE -*/
/* should we include an ersatz Date: header in
* generated mail? if you are using sendmail
* as the mailer, it is better to let sendmail
@@ -84,18 +84,18 @@
/* if you want cron to capitalize its name in ps
* when running a job. Does not work on SYSV.
*/
-/*#define CAPITALIZE_FOR_PS /*-*/
+/*#define CAPITALIZE_FOR_PS -*/
/* if you have a tm_gmtoff member in struct tm.
* If not, we will have to compute the value ourselves.
*/
-/*#define HAVE_TM_GMTOFF /*-*/
+/*#define HAVE_TM_GMTOFF -*/
/* if your OS supports a BSD-style login.conf file */
-/*#define LOGIN_CAP /*-*/
+/*#define LOGIN_CAP -*/
/* if your OS supports BSD authentication */
-/*#define BSD_AUTH /*-*/
+/*#define BSD_AUTH -*/
/* Define this to run crontab setgid instead of
* setuid root. Group access will be used to read
@@ -103,4 +103,4 @@
* If this is not defined then crontab and at
* must be setuid root.
*/
-/*#define CRON_GROUP "crontab" /*-*/
+/*#define CRON_GROUP "crontab" -*/
vixie-cron-4.1-_44-build_env.patch:
do_command.c | 1 +
1 files changed, 1 insertion(+)
--- NEW FILE vixie-cron-4.1-_44-build_env.patch ---
--- vixie-cron-4.1/do_command.c.build_env 2005-10-18 13:41:25.631317000 -0400
+++ vixie-cron-4.1/do_command.c 2005-10-18 14:02:52.162067000 -0400
@@ -188,6 +188,7 @@
PAM_FAIL_CHECK;
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
PAM_FAIL_CHECK;
+ build_env(e->envp);
log_close(); /* PAM has now re-opened our log to auth.info ! */
#endif
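Review bot: The return value of `build_env(e->envp)` is discarded on the added line, and build_env's definition is not visible in this hunk. If it returns a newly built environment rather than updating `e->envp` in place, the pam_env settings the log message refers to never reach the job and the allocation is lost; in that case the result has to be kept and checked, for example `e->envp = build_env(e->envp);` followed by a NULL test. A short comment such as `/* merge the PAM environment into the job environment */` would also record why the call has to follow pam_setcred().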
vixie-cron-4.1-_45-warnings.patch:
crontab.c | 22 ++++++++++++++--------
do_command.c | 19 ++++++++++++++++---
env.c | 4 ++--
misc.c | 26 ++++++++++++++++++++------
pw_dup.c | 2 +-
5 files changed, 53 insertions(+), 20 deletions(-)
--- NEW FILE vixie-cron-4.1-_45-warnings.patch ---
--- vixie-cron-4.1/env.c.warnings 2004-07-21 09:31:55.000000000 -0400
+++ vixie-cron-4.1/env.c 2005-10-18 14:38:49.499570000 -0400
@@ -48,8 +48,8 @@
int count, i, save_errno;
char **p;
- for (count = 0; envp[count] != NULL; count++)
- NULL;
+ for (count = 0; envp[count] != NULL; count++);
+
p = (char **) malloc((count+1) * sizeof(char *)); /* 1 for the NULL */
if (p != NULL) {
for (i = 0; i < count; i++)
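Review bot: The empty loop body is now a `;` on the same line as the `for`, which reads like a stray semicolon and is easy to break when the next statement is edited. The misc.c hunk in this same patch puts the `;` on its own line; use that form here too, or spell the intent out with `for (count = 0; envp[count] != NULL; count++) continue;`. The function continues beyond the end of this hunk.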
--- vixie-cron-4.1/misc.c.warnings 2005-10-18 14:38:48.732338000 -0400
+++ vixie-cron-4.1/misc.c 2005-10-18 14:38:49.520549000 -0400
@@ -153,7 +153,7 @@
for (test = DebugFlagNames, mask = 1;
*test != NULL && strcmp_until(*test, pc, ',');
test++, mask <<= 1)
- NULL;
+ ;
if (!*test) {
fprintf(stderr,
@@ -255,9 +255,17 @@
}
if (grp != NULL) {
if (sb.st_gid != grp->gr_gid)
- chown(SPOOL_DIR, -1, grp->gr_gid);
+ if( chown(SPOOL_DIR, -1, grp->gr_gid) == -1 )
+ {
+ fprintf(stderr,"chdir %s failed: %s\n", SPOOL_DIR, strerror(errno));
+ exit(ERROR_EXIT);
+ }
if (sb.st_mode != 01730)
- chmod(SPOOL_DIR, 01730);
+ if( chmod(SPOOL_DIR, 01730) == -1 )
+ {
+ fprintf(stderr,"chmod 01730 %s failed: %s\n", SPOOL_DIR, strerror(errno));
+ exit(ERROR_EXIT);
+ }
}
}
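Review bot: The message printed when chown() fails says `chdir %s failed`, which points the operator at the wrong call; it should read `fprintf(stderr,"chown %s failed: %s\n", SPOOL_DIR, strerror(errno));`. The two new checks also hang off unbraced outer `if` statements, so the pairing of `if (sb.st_gid != grp->gr_gid)` and `if (sb.st_mode != 01730)` with their bodies depends on layout alone; bracing the outer conditions would prevent a later dangling-else mistake. The enclosing function starts before this hunk.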
@@ -275,7 +283,7 @@
const char *pidfile;
char *ep;
long otherpid=-1;
- ssize_t num;
+ ssize_t num, len;
if (closeflag) {
/* close stashed fd for child so we don't leak it. */
@@ -324,8 +332,14 @@
sprintf(buf, "%ld\n", (long)getpid());
(void) lseek(fd, (off_t)0, SEEK_SET);
- num = write(fd, buf, strlen(buf));
- (void) ftruncate(fd, num);
+ len = strlen(buf);
+ if( (num = write(fd, buf, len)) != len )
+ log_it("CRON", getpid(), "write() failed:", strerror(errno));
+ else
+ {
+ if( ftruncate(fd, num) == -1 )
+ log_it("CRON", getpid(), "ftruncate() failed:", strerror(errno));
+ }
/* abandon fd even though the file is open. we need to keep
* it open and locked, but we don't need the handles elsewhere.
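Review bot: A short write (`num` non-negative but less than `len`) does not set errno, so `strerror(errno)` in the new `write() failed:` log line can report a stale or unrelated error; only the `num == -1` case should format errno. On either failure the code only logs and continues, leaving the PID file with whatever it held before, so a later reader of the file may be given a PID that is not this daemon's. Consider handling the failure like the fatal paths elsewhere in this function (they are outside the hunk), or at least logging the byte counts for the short-write case.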
--- vixie-cron-4.1/do_command.c.warnings 2005-10-18 14:38:49.459610000 -0400
+++ vixie-cron-4.1/do_command.c 2005-10-18 14:38:49.541528000 -0400
@@ -137,8 +137,17 @@
/* create some pipes to talk to our future child
*/
- pipe(stdin_pipe); /* child's stdin */
- pipe(stdout_pipe); /* child's stdout */
+ if( pipe(stdin_pipe) == -1 ) /* child's stdin */
+ {
+ log_it("CRON", getpid(), "pipe() failed:", strerror(errno));
+ return;
+ }
+
+ if( pipe(stdout_pipe) == -1 ) /* child's stdout */
+ {
+ log_it("CRON", getpid(), "pipe() failed:", strerror(errno));
+ return;
+ }
/* since we are a forked process, we can diddle the command string
* we were passed -- nobody else is going to use it again, right?
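Review bot: When the second call, `pipe(stdout_pipe)`, fails, the two descriptors already created in `stdin_pipe` are still open at the `return`; that is harmless only if the caller exits immediately, which cannot be seen from this hunk. Both branches also log the identical text `pipe() failed:`, so the log cannot tell which pipe was affected; `"pipe(stdin) failed:"` and `"pipe(stdout) failed:"` would. The enclosing function starts and ends outside the hunk.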
@@ -318,7 +327,11 @@
setuid(e->pwd->pw_uid); /* we aren't root after this... */
#endif /* LOGIN_CAP */
- chdir(env_get("HOME", e->envp));
+ if ( chdir(env_get("HOME", e->envp)) == -1 )
+ {
+ log_it("CRON", getpid(), "chdir(HOME) failed:", strerror(errno));
+ _exit(ERROR_EXIT);
+ }
/*
* Exec the command.
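Review bot: The context line `setuid(e->pwd->pw_uid);` just above the new chdir() check still ignores its return value, so if the privilege drop fails the child goes on to chdir and exec the job with the privileges it had before the call. It deserves the same treatment as the call this hunk fixes: log the error and then `if (setuid(e->pwd->pw_uid) != 0) _exit(ERROR_EXIT);`. In the new check, the result of `env_get("HOME", e->envp)` is passed to chdir() unchecked; if HOME is absent and env_get returns NULL (its definition is not shown), chdir() receives a NULL path. Note the behaviour change as well: a job whose home directory is missing is now not run at all.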
--- vixie-cron-4.1/pw_dup.c.warnings 2005-10-18 14:38:48.714356000 -0400
+++ vixie-cron-4.1/pw_dup.c 2005-10-18 14:38:49.561508000 -0400
@@ -47,7 +47,7 @@
struct passwd *
pw_dup(const struct passwd *pw) {
char *cp;
- size_t nsize=0, psize=0, csize=0, gsize=0, dsize=0, ssize=0, total=0;
+ size_t nsize=0, psize=0, gsize=0, dsize=0, ssize=0, total=0;
struct passwd *newpw;
/* Allocate in one big chunk for easy freeing */
--- vixie-cron-4.1/crontab.c.warnings 2005-10-18 14:38:49.322747000 -0400
+++ vixie-cron-4.1/crontab.c 2005-10-18 14:40:57.490451000 -0400
@@ -283,14 +283,14 @@
static void
delete_cmd(void) {
- char n[MAX_FNAME];
+ char n[MAX_FNAME]="";
if( PromptOnDelete == 1 )
{
printf("crontab: really delete %s's crontab? ", User);
fflush(stdout);
- fgets(n, MAX_FNAME-1, stdin);
- if((n[0] != 'Y') && (n[0] != 'y'))
- exit(0);
+ if( (fgets(n, MAX_FNAME-1, stdin)==0L)
+ ||((n[0] != 'Y') && (n[0] != 'y'))
+ ) exit(0);
}
log_it(RealUser, Pid, "DELETE", User);
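Review bot: The fgets() result is compared with `0L`, a long constant, rather than `NULL`; write `fgets(n, sizeof n, stdin) == NULL`, which also drops the unneeded `MAX_FNAME-1` (fgets already reserves room for the terminator). The same `== 0L` comparison appears in the retry-prompt hunk further down this file. The combined condition with `) exit(0);` on a line of its own is hard to scan; a separate `if (fgets(n, sizeof n, stdin) == NULL) exit(0);` guard before the Y/y test reads more clearly.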
@@ -534,7 +534,8 @@
printf("Do you want to retry the same edit? ");
fflush(stdout);
q[0] = '\0';
- (void) fgets(q, sizeof q, stdin);
+ if( fgets(q, sizeof q, stdin) == 0L )
+ continue;
switch (q[0]) {
case 'y':
case 'Y':
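Review bot: On end-of-file or a read error the added `continue` goes back to the prompt, and every later fgets() on the same stream will fail the same way, so with stdin closed this loop would print the prompt forever. The loop header is outside the hunk, so this is inferred from the prompt and `switch` shape visible here. A NULL return should be handled as a negative answer, the way delete_cmd exits on it earlier in this file, rather than retried.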
@@ -575,7 +576,6 @@
int error = 0;
entry *e;
uid_t file_owner;
- time_t now = time(NULL);
char **envp = env_init();
if (envp == NULL) {
@@ -618,9 +618,15 @@
Set_LineNum(1)
while (EOF != (ch = get_char(NewCrontab)))
putc(ch, tmp);
- ftruncate(fileno(tmp), ftell(tmp)); /* XXX redundant with "w+"? */
+ if( ftruncate(fileno(tmp), ftell(tmp)) == -1 )
+ {
+ fprintf(stderr, "%s: error while writing new crontab to %s\n",
+ ProgramName, TempFilename);
+ fclose(tmp);
+ error = -2;
+ goto done;
+ }
fflush(tmp); rewind(tmp);
-
if (ferror(tmp)) {
fprintf(stderr, "%s: error while writing new crontab to %s\n",
ProgramName, TempFilename);
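Review bot: The new ftruncate() failure branch prints exactly the same text as the ferror() branch right below it and omits `strerror(errno)`, so the two failures cannot be told apart from the output; `fprintf(stderr, "%s: ftruncate %s: %s\n", ProgramName, TempFilename, strerror(errno));` would. `ftell(tmp)` can itself return -1, and that value is passed straight to ftruncate() as the length; checking it first gives a more accurate diagnostic. The `done` label and the rest of the function are outside this hunk, so whether closing `tmp` here matches the cleanup done there cannot be confirmed from the page.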
vixie-cron-4.1-loginuid.patch:
crond.pam | 19 +++++++++++--------
1 files changed, 11 insertions(+), 8 deletions(-)
Index: vixie-cron-4.1-loginuid.patch
===================================================================
RCS file: /cvs/dist/rpms/vixie-cron/devel/vixie-cron-4.1-loginuid.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- vixie-cron-4.1-loginuid.patch 14 Oct 2005 18:34:12 -0000 1.3
+++ vixie-cron-4.1-loginuid.patch 18 Oct 2005 19:09:36 -0000 1.4
@@ -13,11 +13,11 @@
-# to enable this functionality.
-# session required pam_limits.so
+auth sufficient pam_rootok.so
-+auth required pam_stack.so service=system-auth
+auth required pam_env.so
-+account required pam_stack.so service=system-auth
++auth include system-auth
+account required pam_access.so
-+session required pam_stack.so service=system-auth
++account include system-auth
++session include system-auth
+session required pam_loginuid.so
+# To enable PAM user limits for cron jobs,
+# configure /etc/security/limits.conf and
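Review bot: Replacing `pam_stack.so service=system-auth` with `include system-auth` changes how control flags inside system-auth interact with this file, because the included lines are evaluated as part of cron's own stack rather than as a separate one. In the session section `pam_loginuid.so` now follows the include, so a line in system-auth that ends the stack early (for example one marked `sufficient`) would, if present, keep the login UID from being set; system-auth is not shown here, so this needs checking against the installed file. Placing `session required pam_loginuid.so` before `session include system-auth` removes that dependency on system-auth's contents.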
Index: vixie-cron.spec
===================================================================
RCS file: /cvs/dist/rpms/vixie-cron/devel/vixie-cron.spec,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- vixie-cron.spec 14 Oct 2005 20:08:07 -0000 1.56
+++ vixie-cron.spec 18 Oct 2005 19:09:36 -0000 1.57
@@ -1,4 +1,6 @@
+%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
%define WITH_SELINUX 1
+%endif
%if %{?WITH_PAM:0}%{!?WITH_PAM:1}
%define WITH_PAM 1
%endif
@@ -54,12 +56,16 @@
Patch39: vixie-cron-4.1-loginuid.patch
Patch40: vixie_cron-4.1-162887.patch
Patch41: vixie-cron-4.1-CAN-2005-1038-fix-race.patch
-Patch42: vixie-cron-4.1-getseuserbyname.patch
-
+Patch42: vixie-cron-4.1-_42-getseuserbyname.patch
+Patch43: vixie-cron-4.1-_43-config_comments.patch
+Patch44: vixie-cron-4.1-_44-build_env.patch
+Patch45: vixie-cron-4.1-_45-warnings.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root
Requires: sysklogd >= 1.3.33-6, bash >= 2.0
+%if %{WITH_SELINUX}
Requires: libselinux >= 1.25.2-1
Buildrequires: libselinux-devel >= 1.25.2-1
+%endif
%if %{WITH_PAM}
Requires: pam >= 0.77-66.8
Buildrequires: pam-devel
@@ -86,7 +92,11 @@
%patch8 -p1 -b .root-allowed
%patch9 -p1 -b .no-header
%patch10 -p1 -b .manpages
+%if %{WITH_SELINUX}
+#SELinux
+# Enables SELinux support
%patch11 -p1 -b .with_selinux
+%endif
%patch12 -p1 -b .pam
%if %{WITH_PAM}
%patch13 -p1 -b .with_pam
@@ -100,8 +110,10 @@
%patch20 -p1 -b .nickname_man
%patch21 -p1 -b -i_option
%patch22 -p1 -b .no_0600_mode_enforce
+%if %{WITH_SELINUX}
%patch23 -p1 -b .freecon_segv
%patch24 -p1 -b .selinux_crontab_new
+%endif
%patch25 -p1 -b .allow-root-crontab
%patch26 -p1 -b .saved_uids
%patch27 -p1 -b .no-strip-header-comments
@@ -120,9 +132,12 @@
%patch40 -p1 -b .162887
%patch41 -p1 -b .CAN-2005-1038-fix-race
%patch42 -p1 -b .getseuserbyname
+%patch43 -p1 -b .config_comments
+%patch44 -p1 -b .build_env
+%patch45 -p1 -b .warnings
%build
-make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
+make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -g -DLINT -Dlint -Werror"
%install
rm -rf $RPM_BUILD_ROOT
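Review bot: `%patch42` is applied unconditionally, while this commit wraps the other SELinux patches (`%patch11`, `%patch23`, `%patch24`) and the libselinux Requires in `%if %{WITH_SELINUX}`. Patch 42 edits the SELinux context code in user.c, so a build with WITH_SELINUX set to 0 would presumably fail to apply it; wrapping `%patch42` in the same conditional keeps the option usable. Adding `-Werror` to the package build also means any new compiler warning stops the build, so a spec comment saying that this is intentional would help the next maintainer.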
@@ -165,7 +180,7 @@
%defattr(-,root,root)
/usr/sbin/crond
-/usr/bin/crontab
+%attr(6755,root,root) /usr/bin/crontab
%{_mandir}/man8/crond.*
%{_mandir}/man8/cron.*
%{_mandir}/man5/crontab.*
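Review bot: Mode `6755` sets both the setuid and the setgid bit on /usr/bin/crontab, whereas the log message only speaks of restoring the setuid mode. If setgid root is not required, `%attr(4755,root,root) /usr/bin/crontab` grants less; the config.h comment touched by this same commit describes setgid operation through CRON_GROUP as an alternative to setuid root, not an addition to it. A short spec comment stating why the binary is privileged would make another accidental drop of the mode (the cause of bug 170830) easier to spot.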
@@ -177,8 +192,13 @@
%config(noreplace) /etc/sysconfig/crond
%changelog
-* Fri Oct 14 2005 Dan Walsh <dwalsh at redhat.com> - 4.1-40.FC5
-- Change to use getseuserbyname for selinux
+* Tue Oct 18 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-39-FC5
+- *** NOTE : please do not modify vixie-cron without contacting ***
+ *** the package maintainer (me at the moment). ***
+ *** Or at least test it first! ***
+- fix bug 170830: it was not the pam_stack change - the setuid
+ mode of crontab was dropped for some reason.
+- somehow build_env() invocation was dropped - use pam_env settings.
* Fri Oct 14 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-39-FC5
- fix bug 170830: the last PAM change disabled all cron jobs.