File vixie-cron-4.1-privilege_escalation.patch of Package cron

Index: vixie-cron-4.1/do_command.c
===================================================================
--- vixie-cron-4.1.orig/do_command.c
+++ vixie-cron-4.1/do_command.c
@@ -302,12 +302,24 @@ child_process(entry *e, user *u) {
 			}
 		}
 #else
-		setgid(e->pwd->pw_gid);
+
 		initgroups(usernm, e->pwd->pw_gid);
 #if (defined(BSD)) && (BSD >= 199103)
 		setlogin(usernm);
 #endif /* BSD */
-		setuid(e->pwd->pw_uid);	/* we aren't root after this... */
+
+	if ( setgid(e->pwd->pw_gid) == -1 ) {
+		fprintf(stderr,"can't set gid for %s\n", e->pwd->pw_name);
+		_exit(1);
+	}
+
+	if ( setuid(e->pwd->pw_uid) == -1 ) {
+		fprintf(stderr,"can't set uid for %s\n", e->pwd->pw_name);
+		_exit(1);
+	}
+
+		/* we aren't root after this... */
+
 
 #endif /* LOGIN_CAP */
 		chdir(env_get("HOME", e->envp));
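Review bot: The `initgroups(usernm, e->pwd->pw_gid)` call that now precedes the new checks still has its return value ignored. If it fails, the child keeps whatever supplementary group list it inherited (presumably the cron daemon's, i.e. root's) even though `setgid()` and `setuid()` succeed, so the privilege drop is incomplete. It should be handled the same way as the two added checks, for example `if (initgroups(usernm, e->pwd->pw_gid) == -1) { fprintf(stderr, "can't set groups for %s\n", e->pwd->pw_name); _exit(1); }`. Including `strerror(errno)` in all three messages would make a failure such as a process-count limit hit in `setuid()` easier to diagnose from the job's output. The body of `child_process` and the `LOGIN_CAP` branch above the `#else` start outside this hunk, so whether that branch checks its own calls cannot be confirmed from here.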