File vixie-cron-4.1-crontab-permissions.diff of Package cron
--- vixie-cron-4.1/cron.8
+++ vixie-cron-4.1/cron.8
@@ -84,8 +84,10 @@
.SH CAVEATS
In this version of
.BR cron ,
-/etc/crontab must not be readable or writable by any user other than root.
-In other words, it should be mode 0600.
+/etc/crontab must not be writable by any user other than root.
+No crontab files may be links, or linked to by any other file.
+No crontab files may be executable, or be writable by any user
+other than their owner.
.SH "SEE ALSO"
.IR crontab (1),
.IR crontab (5)
--- vixie-cron-4.1/crontab.5
+++ vixie-cron-4.1/crontab.5
@@ -206,6 +206,13 @@
@daily : Run once a day, ie. "0 0 * * *".
@hourly : Run once an hour, ie. "0 * * * *".
.fi
+.SH CAVEATS
+In this version of
+.BR cron ,
+/etc/crontab must not be writable by any user other than root.
+No crontab files may be links, or linked to by any other file.
+No crontab files may be executable, or be writable by any user
+other than their owner.
.SH AUTHOR
.nf
Paul Vixie <vixie@isc.org>
--- vixie-cron-4.1/crontab.c
+++ vixie-cron-4.1/crontab.c
@@ -642,6 +642,7 @@
error = -2;
goto done;
}
+ chmod(n, 0644);
TempFilename[0] = '\0';
log_it(RealUser, Pid, "REPLACE", User);
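Review bot: The added `chmod(n, 0644);` makes the installed crontab readable by group and other, and its return value is ignored. Crontab entries often carry credentials in command lines or environment assignments, so world-read is only safe if the spool directory blocks access by other users, which this hunk does not show. The relaxed test in database.c (`(statbuf->st_mode & 07533) != 0400`) still accepts mode 0600, so unless another reader needs the file, `chmod(n, 0600);` would preserve the previous confidentiality. Either way the result should be checked, e.g. `if (chmod(n, 0644) < 0) perror("chmod");`. The enclosing function starts and ends outside the hunk, so what `n` names at this point is inferred.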
--- vixie-cron-4.1/database.c
+++ vixie-cron-4.1/database.c
@@ -307,7 +307,7 @@
log_it(fname, getpid(), "NOT REGULAR", tabname);
goto next_crontab;
}
- if ((statbuf->st_mode & 07777) != 0600) {
+ if ((statbuf->st_mode & 07533) != 0400) {
log_it(fname, getpid(), "BAD FILE MODE", tabname);
goto next_crontab;
}
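Review bot: The new mask `07533` in the mode test is hard to audit by eye and should carry a comment stating which bits it examines. Something like `/* require owner-read; reject setuid/setgid/sticky, any execute bit, and group/other write; owner-write and group/other read are not examined */` directly above the `if` would do. Because group and other read are now tolerated, this test protects integrity only and no longer confidentiality. It also depends on the owner and link checks to keep untrusted files out, and those lie outside this hunk, as does the rest of the enclosing function.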