diff options
| author | Denis Vlasenko <vda.linux@googlemail.com> | 2008-02-18 11:08:33 +0000 |
|---|---|---|
| committer | Denis Vlasenko <vda.linux@googlemail.com> | 2008-02-18 11:08:33 +0000 |
| commit | c9ca0a32745a43eaa6cb6b7b460718de8ccb84f2 (patch) | |
| tree | 2b4bdf035b3a3c0436ce823e137d969af4d3a06f /miscutils | |
| parent | 56244736ec7d0a3c338f542204aae83fb0200346 (diff) | |
| download | busybox-w32-c9ca0a32745a43eaa6cb6b7b460718de8ccb84f2.tar.gz busybox-w32-c9ca0a32745a43eaa6cb6b7b460718de8ccb84f2.tar.bz2 busybox-w32-c9ca0a32745a43eaa6cb6b7b460718de8ccb84f2.zip | |
mount: recognize "dirsync" (closes bug 835)
mount: sanitize environ if called by non-root
*: adjust for slightly different sanitize routine
Diffstat (limited to 'miscutils')
| -rw-r--r-- | miscutils/crontab.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/miscutils/crontab.c b/miscutils/crontab.c index bc7f56a22..6b6896469 100644 --- a/miscutils/crontab.c +++ b/miscutils/crontab.c | |||
| @@ -97,7 +97,6 @@ int crontab_main(int argc, char **argv) | |||
| 97 | char *user_name; /* -u USER */ | 97 | char *user_name; /* -u USER */ |
| 98 | int fd; | 98 | int fd; |
| 99 | int opt_ler; | 99 | int opt_ler; |
| 100 | uid_t my_uid; | ||
| 101 | 100 | ||
| 102 | /* file [opts] Replace crontab from file | 101 | /* file [opts] Replace crontab from file |
| 103 | * - [opts] Replace crontab from stdin | 102 | * - [opts] Replace crontab from stdin |
| @@ -118,25 +117,22 @@ int crontab_main(int argc, char **argv) | |||
| 118 | OPT_ler = OPT_l + OPT_e + OPT_r, | 117 | OPT_ler = OPT_l + OPT_e + OPT_r, |
| 119 | }; | 118 | }; |
| 120 | 119 | ||
| 121 | my_uid = getuid(); | ||
| 122 | |||
| 123 | opt_complementary = "?1:dr"; /* max one argument; -d implies -r */ | 120 | opt_complementary = "?1:dr"; /* max one argument; -d implies -r */ |
| 124 | opt_ler = getopt32(argv, "u:c:lerd", &user_name, &crontab_dir); | 121 | opt_ler = getopt32(argv, "u:c:lerd", &user_name, &crontab_dir); |
| 125 | argv += optind; | 122 | argv += optind; |
| 126 | 123 | ||
| 127 | if (my_uid != geteuid()) { /* run by non-root? */ | 124 | if (sanitize_env_if_suid()) { /* Clears dangerous stuff, sets PATH */ |
| 125 | /* run by non-root? */ | ||
| 128 | if (opt_ler & (OPT_u|OPT_c)) | 126 | if (opt_ler & (OPT_u|OPT_c)) |
| 129 | bb_error_msg_and_die("only root can use -c or -u"); | 127 | bb_error_msg_and_die("only root can use -c or -u"); |
| 130 | /* Clear dangerous stuff, set PATH */ | ||
| 131 | sanitize_env_for_suid(); | ||
| 132 | } | 128 | } |
| 133 | 129 | ||
| 134 | if (opt_ler & OPT_u) { | 130 | if (opt_ler & OPT_u) { |
| 135 | pas = getpwnam(user_name); | 131 | pas = getpwnam(user_name); |
| 136 | if (!pas) | 132 | if (!pas) |
| 137 | bb_error_msg_and_die("user %s is not known", user_name); | 133 | bb_error_msg_and_die("user %s is not known", user_name); |
| 138 | my_uid = pas->pw_uid; | ||
| 139 | } else { | 134 | } else { |
| 135 | uid_t my_uid = getuid(); | ||
| 140 | pas = getpwuid(my_uid); | 136 | pas = getpwuid(my_uid); |
| 141 | if (!pas) | 137 | if (!pas) |
| 142 | bb_perror_msg_and_die("no user record for UID %u", | 138 | bb_perror_msg_and_die("no user record for UID %u", |
| @@ -144,7 +140,6 @@ int crontab_main(int argc, char **argv) | |||
| 144 | } | 140 | } |
| 145 | 141 | ||
| 146 | #define user_name DONT_USE_ME_BEYOND_THIS_POINT | 142 | #define user_name DONT_USE_ME_BEYOND_THIS_POINT |
| 147 | #define my_uid DONT_USE_ME_BEYOND_THIS_POINT | ||
| 148 | 143 | ||
| 149 | /* From now on, keep only -l, -e, -r bits */ | 144 | /* From now on, keep only -l, -e, -r bits */ |
| 150 | opt_ler &= OPT_ler; | 145 | opt_ler &= OPT_ler; |