e9067d45a1
- Set safe permissions for crontab backups. Add * safe-backup-permissions.patch OBS-URL: https://build.opensuse.org/request/show/1139665 OBS-URL: https://build.opensuse.org/package/show/Base:System/cronie?expand=0&rev=217
32 lines
983 B
Diff
32 lines
983 B
Diff
Index: cronie-cronie-1.7.0/src/crontab.c
|
|
===================================================================
|
|
--- cronie-cronie-1.7.0.orig/src/crontab.c
|
|
+++ cronie-cronie-1.7.0/src/crontab.c
|
|
@@ -520,6 +520,7 @@ static int backup_crontab(const char *cr
|
|
FILE *backup_file;
|
|
struct stat sb;
|
|
int retval = 0;
|
|
+ mode_t old_umask;
|
|
|
|
/* create backup directory */
|
|
if ((env_value = getenv("XDG_CACHE_HOME")) != NULL) {
|
|
@@ -590,6 +591,9 @@ static int backup_crontab(const char *cr
|
|
}
|
|
}
|
|
|
|
+ // ensure backup file has strict permssions. Crontabs are not readable for
|
|
+ // other users and might contain sensitive information
|
|
+ old_umask = umask(0077);
|
|
if ((backup_file = fopen(backup_path, "w+")) == NULL) {
|
|
fprintf(stderr, "Failed to write to the backup file: ");
|
|
perror(backup_path);
|
|
@@ -598,6 +602,8 @@ static int backup_crontab(const char *cr
|
|
}
|
|
|
|
swapback:
|
|
+ umask(old_umask);
|
|
+
|
|
if (swap_uids_back() < OK) {
|
|
perror("swapping uids back");
|
|
exit(ERROR_EXIT);
|