Overview

File safe-backup-permissions.patch of Package cronie

Index: cronie-cronie-1.7.0/src/crontab.c
===================================================================
--- cronie-cronie-1.7.0.orig/src/crontab.c
+++ cronie-cronie-1.7.0/src/crontab.c
@@ -520,6 +520,7 @@ static int backup_crontab(const char *cr
 	FILE *backup_file;
 	struct stat sb;
 	int retval = 0;
+	mode_t old_umask;
 	
 	/* create backup directory */
 	if ((env_value = getenv("XDG_CACHE_HOME")) != NULL) {
@@ -590,6 +591,9 @@ static int backup_crontab(const char *cr
 		}
 	}
 	
+  // ensure backup file has strict permssions. Crontabs are not readable for
+  // other users and might contain sensitive information
+	old_umask = umask(0077);
 	if ((backup_file = fopen(backup_path, "w+")) == NULL) {
 		fprintf(stderr, "Failed to write to the backup file: ");
 		perror(backup_path);
@@ -598,6 +602,8 @@ static int backup_crontab(const char *cr
 	}
 
 	swapback:
+	umask(old_umask);
+
 	if (swap_uids_back() < OK) {
 		perror("swapping uids back");
 		exit(ERROR_EXIT);
openSUSE Build Service is sponsored by
Places