Date: Tue, 28 Feb 2012 16:24:47 +0000
From: Anton Shterenlikht <mexas@bristol.ac.uk>
To: jb <jb.1234abcd@gmail.com>
Cc: freebsd-current@freebsd.org
Subject: Re: negative group permissions?
Message-ID: <20120228162447.GB58311@mech-cluster241.men.bris.ac.uk>
In-Reply-To: <loom.20120228T155607-690@post.gmane.org>
References: <20120228092244.GB48977@mech-cluster241.men.bris.ac.uk> <loom.20120228T155607-690@post.gmane.org>

On Tue, Feb 28, 2012 at 03:07:43PM +0000, jb wrote:
> Anton Shterenlikht <mexas <at> bristol.ac.uk> writes:
>
> >
> > This was discussed in questions@ with no resolution.
> > Anybody here can advise further?
> > ...
>
> Regarding file .seq or .SEQ
>
> It is an intermediate-processing (run-time) lockfile found in various spool
> dirs and their sub-dirs, like
> /var/spool/cron/
> /at,
> /lpd, etc.
> It is used to save job# by the respective programs (cron, at, etc).
> You can find a ref to .SEQ in file at.c in at port sources.
> I did not see ref to .seq in lpr or cron port sources.
>
> The periodic security check
> /etc/periodic/security/110.neggrpperm
> checks for risque condition like
> ! -perm +010 -and -perm +001
>
> The file should not be executable, according to its purpose.
>
> So the lpr.c should be changed from
> if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0) {
> to
> if ((fd = open(buf, O_RDWR|O_CREAT, 0660)) < 0) {
>
> File a bug report.

http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/165533

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
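An added example, not part of the e-mail above or of FreeBSD's sources: it creates a scratch `.seq` file with the `open()` mode quoted from lpr.c under several umasks and applies the quoted `find` clause to the resulting mode bits. The function names `neg_group_exec` and `created_mode` and the `/tmp/seqdemo.<pid>` scratch path are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* The quoted clause "! -perm +010 -and -perm +001":
 * group has no execute bit, but other does. */
int neg_group_exec(mode_t m)
{
    return !(m & S_IXGRP) && (m & S_IXOTH) != 0;
}

/* Create a scratch ".seq" with open(..., O_CREAT, requested) under umask
 * `mask` and return its permission bits, or -1 on error. The /tmp path is
 * constructed for this demo; mkdir and O_EXCL refuse an existing entry. */
int created_mode(mode_t requested, mode_t mask)
{
    char dir[64], path[80];
    struct stat st;
    int result = -1;
    mode_t old = umask(mask);

    snprintf(dir, sizeof dir, "/tmp/seqdemo.%ld", (long)getpid());
    snprintf(path, sizeof path, "%s/.seq", dir);
    if (mkdir(dir, 0700) == 0) {
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, requested);
        if (fd >= 0) {
            if (fstat(fd, &st) == 0)
                result = (int)(st.st_mode & 0777);
            close(fd);
            unlink(path);
        }
        rmdir(dir);
    }
    umask(old);
    return result;
}

int main(void)
{
    mode_t masks[] = { 0, 022, 027 };
    for (int i = 0; i < 3; i++) {
        int m = created_mode(0661, masks[i]);
        if (m < 0)
            return 1;
        printf("open 0661, umask %03o -> %04o, flagged=%d\n",
               (unsigned)masks[i], (unsigned)m, neg_group_exec(m));
    }
    return 0;
}
```

With a umask of 022 the 0661 request still yields 0641, so the other-execute bit survives and the file is flagged; only a umask that masks the other bits, or the 0660 request, avoids it.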