From owner-freebsd-bugs Mon Feb 17 05:20:05 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA14469 for bugs-outgoing; Mon, 17 Feb 1997 05:20:05 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id FAA14460; Mon, 17 Feb 1997 05:20:02 -0800 (PST) Date: Mon, 17 Feb 1997 05:20:02 -0800 (PST) Message-Id: <199702171320.FAA14460@freefall.freebsd.org> To: freebsd-bugs Cc: From: mark thompson Subject: Re: bin/2747: at cannot be run in an atjob Reply-To: mark thompson Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk The following reply was made to PR bin/2747; it has been noted by GNATS. From: mark thompson To: joerg_wunsch@uriah.heep.sax.de Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: bin/2747: at cannot be run in an atjob Date: Mon, 17 Feb 1997 05:12:03 -0800 (PST) Date: Sun, 16 Feb 1997 20:48:18 +0100 From: j@uriah.heep.sax.de (J Wunsch) As mark thompson wrote: > You cannot submit an at job from within an at job, since the submitted > job will have the wrong mail address, and atrun will reject it. The People might consider this a feature. :-) So you can't defeat a cron.deny entry with just an at.allow one. I take it from the ascii winky that you are joking. > comments suggest that the code in question (see below) is a hangover > from an earlier day, and no longer appropriate. No, the comments don't suggest this to me, sorry. > - /* Get the userid to mail to, first by trying getlogin(), which reads > - * /etc/utmp, then from LOGNAME, finally from getpwuid(). > + /* Get the userid to mail to, first by LOGNAME, then from getpwuid(). > */ > - mailname = getlogin(); > - if (mailname == NULL) > - mailname = getenv("LOGNAME"); > + mailname = getenv("LOGNAME"); No, sorry, the preference of getlogin() over LOGNAME is a normal sequence. getlogin() is much harder to fake. The comment 'which reads /etc/utmp' does not suggest that it is a holdover from previous times? In any case, let us assume just for a moment that the user does set LOGNAME, then run at to try to spoof the system. WHAT HARM DOES THAT DO? The mailname is the mailbox that the job log is sent to - and atrun verifies that it matches the owner of the submitted job in any case (that's why this fails in the first place). -mark ps. Now mind you - atrun has a buffer size overflow problem in the fscanf that reads this... [HMMM... (looks at 2.2) no, the buffer overflow is still there - AND - someone removed the check of mailname against the file's owner! This seems to be going downhill. ]