SECURITY: Fix bypass of /etc/cron.{allow,deny} on failure to open
If /etc/cron.allow or /etc/cron.deny weren't readable by the user executing
crontab(1), then they were completely bypassed.
root@...# umask 0027
root@...# touch /etc/cron.allow
# empty cron.allow -> no regular user may use crontab(1)
user@...$ crontab -e
<editor starts>
This was because the return value of the fopen() calls were not being checked,
as it was assumed that a NULL return value implied that these files did not
exist, rendering their role irrelevant.
This adds the missing checks. If fopen() fails, then only in the case of ENOENT
will crontab(1) proceed. In all other cases, the action will be to deny the use
of crontab(1) to the user.
LP: #1813833
Loading
Please register or sign in to comment