From: Anton Shterenlikht
To: jb
Cc: freebsd-current@freebsd.org
Date: Tue, 28 Feb 2012 16:24:47 +0000
Message-ID: <20120228162447.GB58311@mech-cluster241.men.bris.ac.uk>
Subject: Re: negative group permissions?

On Tue, Feb 28, 2012 at 03:07:43PM +0000, jb wrote:
> Anton Shterenlikht bristol.ac.uk> writes:
>
> >
> > This was discussed in questions@ with no resolution.
> > Anybody here can advise further?
> > ...
>
> Regarding file .seq or .SEQ
>
> It is an intermediate-processing (run-time) lockfile found in various spool
> dirs and their sub-dirs, like
> /var/spool/cron/
>                 /at,
>                 /lpd, etc.
> It is used to save job# by the respective programs (cron, at, etc).
> You can find a ref to .SEQ in file at.c in at port sources.
> I did not see ref to .seq in lpr or cron port sources.
>
> The periodic security check
> /etc/periodic/security/110.neggrpperm
> checks for risque condition like
>     ! -perm +010 -and -perm +001
>
> The file should not be executable, according to its purpose.
>
> So the lpr.c should be changed from
>     if ((fd = open(buf, O_RDWR|O_CREAT, 0661)) < 0) {
> to
>     if ((fd = open(buf, O_RDWR|O_CREAT, 0660)) < 0) {
>
> File a bug report.

http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/165533

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
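
The condition discussed in this thread, as an added example that is not part of the original messages and is not the text of 110.neggrpperm: a shell function that lists regular files where "other" holds a permission bit that "group" lacks. It goes beyond the execute-bit test quoted above by applying the same test to the read and write bits; the function name `neg_grp_perm` and the scratch files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files with "negative group permissions", i.e. files
# where members of the owning group end up with fewer rights than everyone
# else, because the group class is checked before the other class.

# neg_grp_perm DIR (hypothetical helper): print every regular file under DIR
# where other has x, w or r while group does not. For a single bit,
# "-perm -010" matches the same files as the "+010" form quoted in the
# thread, and is accepted by both BSD and GNU find.
neg_grp_perm() {
    find "$1" -type f \( \
        \( ! -perm -010 -perm -001 \) -o \
        \( ! -perm -020 -perm -002 \) -o \
        \( ! -perm -040 -perm -004 \) \
    \) -print
}

# Constructed sample: a scratch directory with one file set to 0661 (the
# mode passed to open() in the lpr.c line quoted above) and one set to
# 0660 (the proposed mode). Only the 0661 file is reported.
demo() {
    spool=$(mktemp -d) || return 1
    : > "$spool/seq-0661"; chmod 0661 "$spool/seq-0661"
    : > "$spool/seq-0660"; chmod 0660 "$spool/seq-0660"
    neg_grp_perm "$spool"
    rm -rf "$spool"
}

demo
```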