Author: hawk Date: Fri Sep 2 11:16:26 2005 GMT Module: SOURCES Tag: HEAD ---- Log message: - previous versions of patches ported from vixie-cron 3.x to 4.x were either messed up or not adjusted to source changes: * ported crond.patch, noroot.patch, pam.patch, security3.patch, and sprintf.patch from * ported redhat.patch and DESTDIR.patch into pld.patch * ported selinux.patch and selinux-pld.patch into selinux.patch
---- Files affected: SOURCES: vixie-cron-crond.patch (1.10 -> 1.11) , vixie-cron-noroot.patch (1.2 -> 1.3) , vixie-cron-pam.patch (1.2 -> 1.3) , vixie-cron-pld.patch (1.3 -> 1.4) , vixie-cron-security3.patch (1.2 -> 1.3) , vixie-cron-selinux.patch (1.5 -> 1.6) , vixie-cron-sprintf.patch (1.2 -> 1.3) ---- Diffs: ================================================================ Index: SOURCES/vixie-cron-crond.patch diff -u SOURCES/vixie-cron-crond.patch:1.10 SOURCES/vixie-cron-crond.patch:1.11 --- SOURCES/vixie-cron-crond.patch:1.10 Tue Aug 2 13:07:11 2005 +++ SOURCES/vixie-cron-crond.patch Fri Sep 2 13:16:20 2005 @@ -1,6 +1,6 @@ -diff -uNr vixie-cron-4.1.p7/cron.8 vixie-cron-4.1/cron.8 ---- vixie-cron-4.1.p7/cron.8 2005-07-24 00:11:24.000000000 +0200 -+++ vixie-cron-4.1/cron.8 2005-07-24 22:34:43.000000000 +0200 +diff -ur vixie.orig/cron.8 vixie/cron.8 +--- vixie.orig/cron.8 2005-09-01 22:06:02.000000000 +0200 ++++ vixie/cron.8 2005-09-02 08:32:11.000000000 +0200 @@ -39,7 +39,8 @@ searches /var/spool/cron for crontab files which are named after accounts in /etc/passwd; crontabs found are loaded into memory. @@ -11,9 +11,9 @@ .IR crontab (5)). .I Cron then wakes up every minute, examining all stored crontabs, checking each -diff -uNr vixie-cron-4.1.p7/database.c vixie-cron-4.1/database.c ---- vixie-cron-4.1.p7/database.c 2005-07-23 12:40:31.000000000 +0200 -+++ vixie-cron-4.1/database.c 2005-07-24 22:39:30.000000000 +0200 +diff -ur vixie.orig/database.c vixie/database.c +--- vixie.orig/database.c 2005-09-01 22:40:02.000000000 +0200 ++++ vixie/database.c 2005-09-02 08:52:37.000000000 +0200 @@ -36,7 +36,7 @@ void @@ -31,7 +31,7 @@ + log_it("CRON", getpid(), "STAT FAILED", "/etc/cron.d"); + (void) exit(ERROR_EXIT); + } -+ ++ /* track system crontab file */ if (stat(SYSCRONTAB, &syscron_stat) < OK) 
@@ -41,7 +41,7 @@ */ - if (old_db->mtime == TMAX(statbuf.st_mtime, syscron_stat.st_mtime)) { + if (old_db->mtime == TMAX(crond_stat.st_mtime, -+ TMAX(statbuf.st_mtime, syscron_stat.st_mtime))) { ++ TMAX(statbuf.st_mtime, syscron_stat.st_mtime))) { Debug(DLOAD, ("[%ld] spool dir mtime unch, no load needed.\n", (long)getpid())) return; @@ -51,7 +51,7 @@ */ - new_db.mtime = TMAX(statbuf.st_mtime, syscron_stat.st_mtime); + new_db.mtime = TMAX(crond_stat.st_mtime, -+ TMAX(statbuf.st_mtime, syscron_stat.st_mtime)); ++ TMAX(statbuf.st_mtime, syscron_stat.st_mtime)); new_db.head = new_db.tail = NULL; if (syscron_stat.st_mtime) @@ -80,7 +80,7 @@ + if (dp->d_name[ln-1] == '~') + continue; + -+ /* ignore *.rpmnew and *.rpmsave files */ ++ /* ignore *.rpmnew, *.rpmsave and *.rpmorig files */ + if ((ln > 7 && strstr(&dp->d_name[ln-7], ".rpmnew")) || + (ln > 8 && strstr(&dp->d_name[ln-8], ".rpmsave")) || + (ln > 8 && strstr(&dp->d_name[ln-8], ".rpmorig"))) @@ -97,7 +97,7 @@ /* we used to keep this dir open all the time, for the sake of * efficiency. however, we need to close it in every fork, and * we fork a lot more often than the mtime of the dir changes. -@@ -263,7 +263,7 @@ +@@ -206,7 +249,7 @@ log_it(fname, getpid(), "NOT REGULAR", tabname); goto next_crontab; } @@ -106,9 +106,9 @@ log_it(fname, getpid(), "BAD FILE MODE", tabname); goto next_crontab; } -diff -uNr vixie-cron-4.1.p7/FEATURES vixie-cron-4.1/FEATURES ---- vixie-cron-4.1.p7/FEATURES 2005-07-23 12:40:30.000000000 +0200 -+++ vixie-cron-4.1/FEATURES 2005-07-24 22:35:17.000000000 +0200 +diff -ur vixie.orig/FEATURES vixie/FEATURES +--- vixie.orig/FEATURES 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/FEATURES 2005-09-02 08:28:47.000000000 +0200 
@@ -82,3 +82,8 @@ act this way and do the more reasonable thing, which is (IMHO) to "or" the various field-matches together. In that sense this cron may not ================================================================ Index: SOURCES/vixie-cron-noroot.patch diff -u SOURCES/vixie-cron-noroot.patch:1.2 SOURCES/vixie-cron-noroot.patch:1.3 --- SOURCES/vixie-cron-noroot.patch:1.2 Mon Jul 25 12:45:08 2005 +++ SOURCES/vixie-cron-noroot.patch Fri Sep 2 13:16:20 2005 @@ -1,28 +1,29 @@ -diff -uNr vixie-cron-4.1.p19/crontab.c vixie-cron-4.1/crontab.c ---- vixie-cron-4.1.p19/crontab.c 2005-07-24 23:23:18.000000000 +0200 -+++ vixie-cron-4.1/crontab.c 2005-07-24 23:35:28.000000000 +0200 -@@ -288,6 +288,7 @@ +diff -ur vixie.orig/crontab.c vixie/crontab.c +--- vixie.orig/crontab.c 2005-09-02 10:08:01.000000000 +0200 ++++ vixie/crontab.c 2005-09-02 10:08:56.000000000 +0200 +@@ -293,7 +293,7 @@ + edit_cmd(void) { char n[MAX_FNAME], q[MAX_TEMPSTR], *editor; FILE *f; - int ch, t, x; -+ uid_t saved_uid; +- int ch, t, x; ++ int ch, t, x, saved_uid; struct stat statbuf; struct utimbuf utimebuf; WAIT_T waiter; -@@ -376,6 +377,12 @@ +@@ -382,6 +382,12 @@ exit(ERROR_EXIT); } utime(Filename, &utimebuf); + /* Do not move this statement! */ -+ saved_uid = MY_UID(pw); ++ saved_uid = getuid(); + if (saved_uid < 0) { + perror("getuid"); + exit(ERROR_EXIT); -+ } ++ } again: rewind(NewCrontab); if (ferror(NewCrontab)) { -@@ -409,7 +416,7 @@ +@@ -415,7 +421,7 @@ perror("setgid(getgid())"); exit(ERROR_EXIT); } ================================================================ Index: SOURCES/vixie-cron-pam.patch diff -u SOURCES/vixie-cron-pam.patch:1.2 SOURCES/vixie-cron-pam.patch:1.3 --- SOURCES/vixie-cron-pam.patch:1.2 Mon Jul 25 12:45:39 2005 +++ SOURCES/vixie-cron-pam.patch Fri Sep 2 13:16:20 2005 
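Review bot: In the crontab.c hunk of the new noroot.patch, `saved_uid` is now an `int` that is tested with `saved_uid < 0` after `getuid()`, and that test cannot do what it intends. POSIX documents getuid() as always successful, so the branch is dead for ordinary accounts, while a uid above INT_MAX converts to a negative int on the usual ABIs and makes the edit path exit with a misleading `perror("getuid")`. Keeping the previous declaration `uid_t saved_uid;` and dropping the error branch avoids both problems. How saved_uid is consumed later (near the `setgid(getgid())` context of the following hunk) is not visible, so whether `getuid()` or the earlier `MY_UID(pw)` is the right source should be confirmed against that code. edit_cmd() begins and ends outside the hunk.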
@@ -1,6 +1,6 @@ -diff -uNr vixie-cron-4.1.p20/do_command.c vixie-cron-4.1/do_command.c ---- vixie-cron-4.1.p20/do_command.c 2005-07-24 23:13:19.000000000 +0200 -+++ vixie-cron-4.1/do_command.c 2005-07-24 23:41:34.000000000 +0200 +diff -ur vixie.orig/do_command.c vixie/do_command.c +--- vixie.orig/do_command.c 2005-09-02 08:59:14.000000000 +0200 ++++ vixie/do_command.c 2005-09-02 09:42:17.000000000 +0200 @@ -25,6 +25,17 @@ #include "cron.h" @@ -8,8 +8,8 @@ +#include <security/pam_appl.h> +static pam_handle_t *pamh = NULL; +static const struct pam_conv conv = { -+ NULL -+}; ++ NULL ++ }; +#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ + fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ + syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ @@ -27,7 +27,7 @@ Debug(DPROC, ("[%ld] child_process('%s')\n", (long)getpid(), e->cmd)) -@@ -135,6 +147,15 @@ +@@ -134,6 +146,15 @@ *p = '\0'; } @@ -43,9 +43,11 @@ /* fork again, this time so we can exec the user's command. */ switch (vfork()) { -@@ -516,6 +537,9 @@ +@@ -513,7 +534,11 @@ + if (WIFSIGNALED(waiter) && WCOREDUMP(waiter)) Debug(DPROC, (", dumped core")) Debug(DPROC, ("\n")) ++ } + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); + retcode = pam_close_session(pamh, PAM_SILENT); @@ -53,9 +55,9 @@ } static int -diff -uNr vixie-cron-4.1.p20/Makefile vixie-cron-4.1/Makefile ---- vixie-cron-4.1.p20/Makefile 2005-07-24 00:05:03.000000000 +0200 -+++ vixie-cron-4.1/Makefile 2005-07-24 23:37:58.000000000 +0200 +diff -ur vixie.orig/Makefile vixie/Makefile +--- vixie.orig/Makefile 2005-09-01 22:17:26.000000000 +0200 ++++ vixie/Makefile 2005-09-02 09:38:53.000000000 +0200 @@ -59,7 +59,7 @@ INCLUDE = -I. #INCLUDE = 
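Review bot: The result of `pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);` in the do_command.c teardown hunk is discarded, whereas the `pam_close_session` call on the next line stores its result in `retcode`. A failed credential delete would therefore go unreported; `retcode = pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);` followed by at least a syslog line would make it visible. The newly added `}` closes a block opened outside the hunk, so where this teardown now runs relative to the child-wait code cannot be confirmed from here. The lines after `pam_close_session` are also outside the hunk.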
@@ -65,12 +67,3 @@ #<<optimize or debug?>> CDEBUG = $(RPM_OPT_FLAGS) #CDEBUG = -g -@@ -68,7 +68,7 @@ - #<<want to use a nonstandard CC?>> - CC = gcc -Wall -Wno-unused -Wno-comment - #<<manifest defines>> --DEFS = -s -+DEFS = - #(SGI IRIX systems need this) - #DEFS = -D_BSD_SIGNALS -Dconst= - #<<the name of the BSD-like install program>> ================================================================ Index: SOURCES/vixie-cron-pld.patch diff -u SOURCES/vixie-cron-pld.patch:1.3 SOURCES/vixie-cron-pld.patch:1.4 --- SOURCES/vixie-cron-pld.patch:1.3 Wed Aug 3 15:19:56 2005 +++ SOURCES/vixie-cron-pld.patch Fri Sep 2 13:16:20 2005 @@ -1,6 +1,6 @@ -diff -uNr vixie-cron-4.1.orig/cron.8 vixie-cron-4.1/cron.8 ---- vixie-cron-4.1.orig/cron.8 2005-07-23 12:40:30.000000000 +0200 -+++ vixie-cron-4.1/cron.8 2005-07-24 00:11:24.000000000 +0200 +diff -ur vixie.orig/cron.8 vixie/cron.8 +--- vixie.orig/cron.8 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/cron.8 2005-09-02 09:45:56.000000000 +0200 @@ -36,7 +36,7 @@ starting it out of init. .PP @@ -10,9 +10,9 @@ /etc/passwd; crontabs found are loaded into memory. .I Cron also searches for /etc/crontab which is in a different format (see -diff -uNr vixie-cron-4.1.orig/crontab.1 vixie-cron-4.1/crontab.1 ---- vixie-cron-4.1.orig/crontab.1 2005-07-23 12:40:30.000000000 +0200 -+++ vixie-cron-4.1/crontab.1 2005-07-24 00:12:10.000000000 +0200 +diff -ur vixie.orig/crontab.1 vixie/crontab.1 +--- vixie.orig/crontab.1 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/crontab.1 2005-09-02 09:45:56.000000000 +0200 @@ -88,8 +88,8 @@ crontab(5), cron(8) .SH FILES 
@@ -24,10 +24,22 @@ .fi .SH STANDARDS The -diff -uNr vixie-cron-4.1.orig/Makefile vixie-cron-4.1/Makefile ---- vixie-cron-4.1.orig/Makefile 2005-07-23 12:40:30.000000000 +0200 -+++ vixie-cron-4.1/Makefile 2005-07-24 00:05:03.000000000 +0200 -@@ -54,28 +54,28 @@ +diff -ur vixie.orig/globals.h vixie/globals.h +--- vixie.orig/globals.h 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/globals.h 2005-09-02 09:45:56.000000000 +0200 +@@ -59,7 +59,7 @@ + #endif + ; + +-XTRN char *ProgramName INIT("amnesia"); ++XTRN char *ProgramName INIT("crond"); + XTRN int LineNumber INIT(0); + XTRN time_t StartTime INIT(0); + XTRN int NoFork INIT(0); +diff -ur vixie.orig/Makefile vixie/Makefile +--- vixie.orig/Makefile 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/Makefile 2005-09-02 09:46:13.000000000 +0200 +@@ -54,15 +54,15 @@ DESTROOT = $(DESTDIR)/usr DESTSBIN = $(DESTROOT)/sbin DESTBIN = $(DESTROOT)/bin @@ -46,13 +58,7 @@ #<<lint flags of choice?>> LINTFLAGS = -hbxa $(INCLUDE) $(DEBUGGING) #<<want to use a nonstandard CC?>> - CC = gcc -Wall -Wno-unused -Wno-comment - #<<manifest defines>> --DEFS = -+DEFS = -s - #(SGI IRIX systems need this) - #DEFS = -D_BSD_SIGNALS -Dconst= - #<<the name of the BSD-like install program>> +@@ -75,7 +75,7 @@ #INSTALL = installbsd INSTALL = install #<<any special load flags>> @@ -61,7 +67,7 @@ #################################### end configurable stuff SHELL = /bin/sh -@@ -110,13 +110,16 @@ +@@ -110,23 +110,26 @@ $(CC) $(LDFLAGS) -o crontab $(CRONTAB_OBJ) $(LIBS) install : all 
@@ -82,19 +88,21 @@ distclean : clean rm -f *.orig *.rej *.BAK *.CKP *~ #* -@@ -126,7 +129,8 @@ - rm -f *.o + rm -f a.out core tags + + clean : +- rm -f *.o ++ rm -f *.o a.out core tags *~ #* rm -f cron crontab -tags :; ctags ${SOURCES} -+tags : -+ ctags ${SOURCES} ++tags : ctags ${SOURCES} kit : $(SHAR_SOURCE) shar $(SHAR_SOURCE) >kit -diff -uNr vixie-cron-4.1.orig/pathnames.h vixie-cron-4.1/pathnames.h ---- vixie-cron-4.1.orig/pathnames.h 2005-07-23 12:40:30.000000000 +0200 -+++ vixie-cron-4.1/pathnames.h 2005-07-24 00:14:24.000000000 +0200 +diff -ur vixie.orig/pathnames.h vixie/pathnames.h +--- vixie.orig/pathnames.h 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/pathnames.h 2005-09-02 09:45:56.000000000 +0200 @@ -35,7 +35,7 @@ * to; SPOOL_DIR, CRON_ALLOW, CRON_DENY, and LOG_FILE * are all relative to this directory. @@ -126,7 +134,7 @@ * be used. */ -#define LOG_FILE "log" -+#undef LOG_FILE ++#define LOG_FILE "/var/log/cron" /* where should the daemon stick its PID? * PIDDIR must end in '/'. @@ -139,15 +147,3 @@ #define _PATH_CRON_PID PIDDIR PIDFILE /* 4.3BSD-style crontab */ -diff -uNr vixie-cron-4.1.orig/globals.h vixie-cron-4.1/globals.h ---- vixie-cron-4.1.orig/globals.h 2005-08-03 15:03:12.699629976 +0200 -+++ vixie-cron-4.1/globals.h 2005-08-03 15:03:58.225708960 +0200 -@@ -59,7 +59,7 @@ - #endif - ; - --XTRN char *ProgramName INIT("amnesia"); -+XTRN char *ProgramName INIT("crond"); - XTRN int LineNumber INIT(0); - XTRN time_t StartTime INIT(0); - XTRN int NoFork INIT(0); ================================================================ Index: SOURCES/vixie-cron-security3.patch diff -u SOURCES/vixie-cron-security3.patch:1.2 SOURCES/vixie-cron-security3.patch:1.3 --- SOURCES/vixie-cron-security3.patch:1.2 Mon Jul 25 12:44:50 2005 +++ SOURCES/vixie-cron-security3.patch Fri Sep 2 13:16:20 2005 
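Review bot: `#define LOG_FILE "/var/log/cron"` in the pathnames.h hunk is an absolute path, but the header comment kept as context earlier in the same patch still says SPOOL_DIR, CRON_ALLOW, CRON_DENY and LOG_FILE "are all relative to this directory". That comment should be updated in the same patch, for example `LOG_FILE is an absolute path; the others are relative to this directory`. Replacing the earlier `#undef LOG_FILE` with a define also presumably turns on the daemon's file logging. The code that opens the file is not part of this diff, so the creation mode and ownership of /var/log/cron should be checked there, since cron log lines name users and commands.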
@@ -1,12 +1,16 @@ -diff -uNr vixie-cron-4.1.p18/crontab.c vixie-cron-4.1/crontab.c ---- vixie-cron-4.1.p18/crontab.c 2005-07-23 12:40:30.000000000 +0200 -+++ vixie-cron-4.1/crontab.c 2005-07-24 23:23:18.000000000 +0200 -@@ -132,8 +132,10 @@ +diff -ur vixie.orig/crontab.c vixie/crontab.c +--- vixie.orig/crontab.c 2005-09-01 22:40:02.000000000 +0200 ++++ vixie/crontab.c 2005-09-02 09:28:05.000000000 +0200 +@@ -132,8 +132,14 @@ fprintf(stderr, "username too long\n"); exit(ERROR_EXIT); } - strcpy(User, pw->pw_name); - strcpy(RealUser, User); ++ if (strlen (pw->pw_name) >= sizeof(User)) { ++ fprintf(stderr, "crontab: fatal: username too long\n"); ++ exit(ERROR_EXIT); ++ } + memset(User,0,MAX_UNAME); + memset(RealUser,0,MAX_UNAME); + strncpy(User, pw->pw_name, MAX_UNAME - 1); @@ -14,7 +18,7 @@ Filename[0] = '\0'; Option = opt_unknown; while (-1 != (argch = getopt(argc, argv, getoptargs))) { -@@ -157,7 +159,7 @@ +@@ -157,7 +163,7 @@ } if (strlen(optarg) >= sizeof User) usage("username too long"); @@ -23,18 +27,19 @@ break; case 'l': if (Option != opt_unknown) -diff -uNr vixie-cron-4.1.p18/macros.h vixie-cron-4.1/macros.h ---- vixie-cron-4.1.p18/macros.h 2005-07-23 12:40:30.000000000 +0200 -+++ vixie-cron-4.1/macros.h 2005-07-24 23:19:19.000000000 +0200 +diff -ur vixie.orig/macros.h vixie/macros.h +--- vixie.orig/macros.h 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/macros.h 2005-09-02 09:31:47.000000000 +0200 
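Review bot: The added `strlen (pw->pw_name) >= sizeof(User)` test in crontab.c appears to duplicate the check directly above it. The context lines at the top of the hunk already end a block that prints "username too long" and exits, though its condition is outside the hunk. If that block is the same length test, the new one is dead code and can be dropped. Either way, the copies that follow bound themselves with `MAX_UNAME` while the checks use `sizeof(User)`; writing them as `memset(User, 0, sizeof User);` and `strncpy(User, pw->pw_name, sizeof User - 1);` keeps the bound tied to the array even if the macro and the declaration drift apart.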
@@ -48,7 +48,12 @@ #define MAX_COMMAND 1000 /* max length of internally generated cmd */ #define MAX_ENVSTR 1000 /* max length of envvar=value\0 strings */ #define MAX_TEMPSTR 100 /* obvious */ +-#define MAX_UNAME 33 /* max length of username, should be overkill */ +#if defined(__GLIBC__) && ( __GLIBC__ >= 2 ) +#include <utmpx.h> +#define MAX_UNAME __UT_NAMESIZE +#else - #define MAX_UNAME 33 /* max length of username, should be overkill */ ++#define MAX_UNAME 32 /* max length of username, should be overkill */ +#endif #define ROOT_UID 0 /* don't change this, it really must be root */ #define ROOT_USER "root" /* ditto */ ================================================================ Index: SOURCES/vixie-cron-selinux.patch diff -u SOURCES/vixie-cron-selinux.patch:1.5 SOURCES/vixie-cron-selinux.patch:1.6 --- SOURCES/vixie-cron-selinux.patch:1.5 Sat Jul 30 12:54:19 2005 +++ SOURCES/vixie-cron-selinux.patch Fri Sep 2 13:16:20 2005 @@ -1,6 +1,6 @@ -diff -uNr vixie-cron-4.1.p22/cron.c vixie-cron-4.1/cron.c ---- vixie-cron-4.1.p22/cron.c 2005-07-23 12:40:30.000000000 +0200 -+++ vixie-cron-4.1/cron.c 2005-07-24 23:59:50.000000000 +0200 +diff -u vixie.orig/cron.c vixie/cron.c +--- vixie.orig/cron.c 2005-09-02 12:24:57.000000000 +0200 ++++ vixie/cron.c 2005-09-02 12:25:28.000000000 +0200 @@ -110,7 +110,7 @@ break; case 0: @@ -10,9 +10,9 @@ if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) >= 0) { (void) dup2(fd, STDIN); (void) dup2(fd, STDOUT); -diff -uNr vixie-cron-4.1.p22/database.c vixie-cron-4.1/database.c ---- vixie-cron-4.1.p22/database.c 2005-07-24 23:50:09.000000000 +0200 -+++ vixie-cron-4.1/database.c 2005-07-25 00:22:09.000000000 +0200 +diff -u vixie.orig/database.c vixie/database.c +--- vixie.orig/database.c 2005-09-02 12:24:57.000000000 +0200 ++++ vixie/database.c 2005-09-02 12:25:28.000000000 +0200 @@ -28,6 +28,15 @@ #include "cron.h" 
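Review bot: `MAX_UNAME` shrinks from 33 to 32 in the `#else` branch of macros.h, and on glibc it becomes `__UT_NAMESIZE`, which as far as I know is the width of the utmp name field and leaves no room for a terminating NUL. If `User` and `RealUser` are sized by MAX_UNAME (their declarations are not in this diff), a login name that fills the field completely is now rejected by the `>= sizeof(User)` checks in crontab.c, and every other buffer sized by the macro loses a byte. `__UT_NAMESIZE` is also a reserved, glibc-internal identifier; the public spelling is `UT_NAMESIZE` from `<utmp.h>`. Suggested: `#define MAX_UNAME (UT_NAMESIZE + 1)` in the glibc branch and `#define MAX_UNAME 33` kept as the fallback.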
@@ -38,7 +38,7 @@ } else if ((pw = getpwnam(uname)) == NULL) { /* file doesn't have a user in passwd file. */ -@@ -293,6 +302,60 @@ +@@ -288,6 +297,59 @@ free_user(u); log_it(fname, getpid(), "RELOAD", tabname); } @@ -56,7 +56,7 @@ + } else { + log_it(fname, getpid(), "getfilecon FAILED but SELinux in permissive mode, continuing", tabname); + goto selinux_out; -+ } ++ } + } + + /* @@ -68,12 +68,12 @@ + */ + if (get_default_context(fname, NULL, &user_context)) { + freecon(file_context); -+ if (security_getenforce() > 0) { -+ log_it(fname, getpid(), "NO CONTEXT", tabname); -+ goto next_crontab; ++ if (security_getenforce() > 0) { ++ log_it(fname, getpid(), "NO CONTEXT", tabname); ++ goto next_crontab; + } else { -+ log_it(fname, getpid(), "NO CONTEXT but SELinux in permissive mode, continuing", tabname); -+ goto selinux_out; ++ log_it(fname, getpid(), "NO CONTEXT but SELinux in permissive mode, continuing", tabname); ++ goto selinux_out; + } + } + retval = security_compute_av(user_context, @@ -93,15 +93,14 @@ + } + } +selinux_out: -+ ((void)0); + } +#endif u = load_user(crontab_fd, pw, fname); if (u != NULL) { u->mtime = statbuf->st_mtime; -diff -uNr vixie-cron-4.1.p22/do_command.c vixie-cron-4.1/do_command.c ---- vixie-cron-4.1.p22/do_command.c 2005-07-25 00:07:52.000000000 +0200 -+++ vixie-cron-4.1/do_command.c 2005-07-25 00:21:27.000000000 +0200 +diff -u vixie.orig/do_command.c vixie/do_command.c +--- vixie.orig/do_command.c 2005-09-02 12:24:57.000000000 +0200 ++++ vixie/do_command.c 2005-09-02 12:27:57.000000000 +0200 @@ -23,6 +23,10 @@ static char rcsid[] = "$Id$"; #endif 
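Review bot: Dropping `((void)0);` in the database.c hunk leaves the `selinux_out:` label immediately before the closing `}` of the WITH_SELINUX block. A label with no statement after it is not valid C before C23, and GCC diagnoses it as "label at end of compound statement". The Makefile part of this same patch sets `DEFS = -DWITH_SELINUX`, so the block is compiled. Restore an empty statement after the label, e.g. `selinux_out: ;`. The enclosing function begins outside the hunk.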
@@ -113,35 +112,35 @@ #include "cron.h" #include <security/pam_appl.h> -@@ -295,6 +299,25 @@ - */ - (void) signal(SIGCHLD, SIG_DFL); - #endif /*USE_SIGCHLD*/ +@@ -293,6 +297,25 @@ + _exit(OK_EXIT); + } + # endif /*DEBUGGING*/ +#ifdef WITH_SELINUX + if (is_selinux_enabled()>0) { -+ security_context_t scontext; -+ if (get_default_context(u->name, NULL, &scontext)) { -+ if (security_getenforce() > 0) { -+ fprintf(stderr, "execle: couldn't get security context for user %s\n", u->name); -+ _exit(ERROR_EXIT); ++ security_context_t scontext; ++ if (get_default_context(u->name, NULL, &scontext)) { ++ if (security_getenforce() > 0) { ++ fprintf(stderr, "execle: couldn't get security context for user %s\n", u->name); ++ _exit(ERROR_EXIT); ++ } ++ } else { ++ if (setexeccon(scontext) < 0) { ++ if (security_getenforce() > 0) { ++ fprintf(stderr, "Could not set exec context to %s for user %s\n", scontext,u->name); ++ _exit(ERROR_EXIT); ++ } ++ } ++ freecon(scontext); + } -+ } else { -+ if (setexeccon(scontext) < 0) { -+ if (security_getenforce() > 0) { -+ fprintf(stderr, "Could not set exec context to %s for user %s\n", scontext,u->name); -+ _exit(ERROR_EXIT); -+ } -+ } -+ freecon(scontext); -+ } -+ } -+#endif /*WITH_SELINUX*/ ++ } ++#endif execle(shell, shell, "-c", e->cmd, (char *)0, e->envp); fprintf(stderr, "execl: couldn't exec `%s'\n", shell); perror("execl"); -diff -uNr vixie-cron-4.1.p22/Makefile vixie-cron-4.1/Makefile ---- vixie-cron-4.1.p22/Makefile 2005-07-24 23:37:58.000000000 +0200 -+++ vixie-cron-4.1/Makefile 2005-07-25 00:00:34.000000000 +0200 +diff -u vixie.orig/Makefile vixie/Makefile +--- vixie.orig/Makefile 2005-09-02 12:24:57.000000000 +0200 ++++ vixie/Makefile 2005-09-02 12:25:28.000000000 +0200 @@ -59,7 +59,7 @@ INCLUDE = -I. #INCLUDE = 
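Review bot: Both `security_getenforce() > 0` tests in the relocated do_command.c block treat an error return of -1 the same as permissive mode. If the enforcement query itself fails, a job whose context lookup or `setexeccon` failed still reaches `execle` in whatever context the child already has. Comparing with `security_getenforce() != 0` makes the error case fail closed. The database.c hunks of this patch use the same `> 0` test before `goto selinux_out` and would need the same change. The permissive branches here also proceed without writing any record, unlike the database.c ones, which call `log_it`.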
@@ -155,7 +154,7 @@ #<<want to use a nonstandard CC?>> CC = gcc -Wall -Wno-unused -Wno-comment #<<manifest defines>> --DEFS = +-DEFS = +DEFS = -DWITH_SELINUX #(SGI IRIX systems need this) #DEFS = -D_BSD_SIGNALS -Dconst= ================================================================ Index: SOURCES/vixie-cron-sprintf.patch diff -u SOURCES/vixie-cron-sprintf.patch:1.2 SOURCES/vixie-cron-sprintf.patch:1.3 --- SOURCES/vixie-cron-sprintf.patch:1.2 Mon Jul 25 12:38:17 2005 +++ SOURCES/vixie-cron-sprintf.patch Fri Sep 2 13:16:20 2005 @@ -1,6 +1,6 @@ -diff -uNr vixie-cron-4.1.p0/do_command.c vixie-cron-4.1/do_command.c ---- vixie-cron-4.1.p0/do_command.c 2005-07-23 12:40:31.000000000 +0200 -+++ vixie-cron-4.1/do_command.c 2005-07-24 21:57:56.000000000 +0200 +diff -ur vixie.orig/do_command.c vixie/do_command.c +--- vixie.orig/do_command.c 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/do_command.c 2005-09-01 22:43:36.000000000 +0200 @@ -412,7 +412,7 @@ fprintf(stderr, "mailcmd too long\n"); (void) _exit(ERROR_EXIT); @@ -19,9 +19,9 @@ "mailed %d byte%s of output but got status 0x%04x\n", bytes, (bytes==1)?"":"s", status); -diff -uNr vixie-cron-4.1.p0/misc.c vixie-cron-4.1/misc.c ---- vixie-cron-4.1.p0/misc.c 2005-07-23 12:40:31.000000000 +0200 -+++ vixie-cron-4.1/misc.c 2005-07-24 22:15:24.000000000 +0200 +diff -ur vixie.orig/misc.c vixie/misc.c +--- vixie.orig/misc.c 2005-09-01 20:26:31.000000000 +0200 ++++ vixie/misc.c 2005-09-01 22:53:45.000000000 +0200 @@ -290,7 +290,7 @@ pidfile = _PATH_CRON_PID; /* Initial mode is 0600 to prevent flock() race/DoS. */ 
@@ -50,12 +50,21 @@ pidfile, otherpid, strerror(save_errno)); fprintf(stderr, "%s: %s\n", ProgramName, buf); log_it("CRON", getpid(), "DEATH", buf); -@@ -473,16 +473,18 @@ +@@ -322,7 +322,7 @@ + (void) fcntl(fd, F_SETFD, 1); + } + +- sprintf(buf, "%ld\n", (long)getpid()); ++ snprintf(buf, MAX_TEMPSTR, "%ld\n", (long)getpid()); + (void) lseek(fd, (off_t)0, SEEK_SET); + num = write(fd, buf, strlen(buf)); + (void) ftruncate(fd, num); +@@ -473,16 +473,19 @@ TIME_T now = time((TIME_T) 0); struct tm *t = localtime(&now); #endif /*LOG_FILE*/ -- -+ int msg_size; ++ int msg_size; <<Diff was trimmed, longer than 597 lines>> ---- CVS-web: http://cvs.pld-linux.org/SOURCES/vixie-cron-crond.patch?r1=1.10&r2=1.11&f=u http://cvs.pld-linux.org/SOURCES/vixie-cron-noroot.patch?r1=1.2&r2=1.3&f=u http://cvs.pld-linux.org/SOURCES/vixie-cron-pam.patch?r1=1.2&r2=1.3&f=u http://cvs.pld-linux.org/SOURCES/vixie-cron-pld.patch?r1=1.3&r2=1.4&f=u http://cvs.pld-linux.org/SOURCES/vixie-cron-security3.patch?r1=1.2&r2=1.3&f=u http://cvs.pld-linux.org/SOURCES/vixie-cron-selinux.patch?r1=1.5&r2=1.6&f=u http://cvs.pld-linux.org/SOURCES/vixie-cron-sprintf.patch?r1=1.2&r2=1.3&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit