Date: Tue, 28 Feb 2012 15:07:43 +0000 (UTC) From: jb <jb.1234abcd@gmail.com> To: freebsd-current@freebsd.org Subject: Re: negative group permissions? Message-ID: <loom.20120228T155607-690@post.gmane.org> References: <20120228092244.GB48977@mech-cluster241.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Anton Shterenlikht <mexas <at> bristol.ac.uk> writes:
>
> This was discussed in questions@ with no resolution.
> Anybody here can advise further?
> ...
Regarding file .seq or .SEQ
It is an intermediate-processing (run-time) lockfile found in various spool
dirs and their sub-dirs, like
/var/spool/cron/
/at,
/lpd, etc.
It is used to save job# by the respective programs (cron, at, etc).
You can find a ref to .SEQ in file at.c in at port sources.
I did not see ref to .seq in lpr or cron port sources.
The periodic security check
/etc/periodic/security/110.neggrpperm
checks for risque condition like
! -perm +010 -and -perm +001
The file should not be executable, according to its purpose.
So the lpr.c should be changed from
if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0) {
to
if ((fd = open(buf, O_RDWR|O_CREAT, 0660)) < 0) {
File a bug report.
jb
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?loom.20120228T155607-690>