From owner-freebsd-hackers  Thu Jul 11 15: 8:53 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 743DD37B400
	for <freebsd-hackers@FreeBSD.ORG>; Thu, 11 Jul 2002 15:08:48 -0700 (PDT)
Received: from smtp.noos.fr (verlaine.noos.net [212.198.2.73])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 69DE843E3B
	for <freebsd-hackers@FreeBSD.ORG>; Thu, 11 Jul 2002 15:08:47 -0700 (PDT)
	(envelope-from root@gits.dyndns.org)
Received: (qmail 31135744 invoked by uid 0); 11 Jul 2002 22:08:46 -0000
Received: from unknown (HELO gits.gits.dyndns.org) ([212.198.229.153]) (envelope-sender <root@gits.dyndns.org>)
          by 212.198.2.73 (qmail-ldap-1.03) with SMTP
          for <nick@garage.freebsd.pl>; 11 Jul 2002 22:08:46 -0000
Received: from gits.gits.dyndns.org (gw56qdkgvgqu1zb0@localhost [127.0.0.1])
	by gits.gits.dyndns.org (8.12.5/8.12.5) with ESMTP id g6BM8jTL023478;
	Fri, 12 Jul 2002 00:08:45 +0200 (CEST)
	(envelope-from root@gits.dyndns.org)
Received: (from root@localhost)
	by gits.gits.dyndns.org (8.12.5/8.12.5/Submit) id g6BM8jcS023477;
	Fri, 12 Jul 2002 00:08:45 +0200 (CEST)
	(envelope-from root)
Date: Fri, 12 Jul 2002 00:08:44 +0200
From: Cyrille Lefevre <cyrille.lefevre@laposte.net>
To: Pawel Jakub Dawidek <nick@garage.freebsd.pl>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: No suid crontab(1).
Message-ID: <20020711220844.GC21234@gits.dyndns.org>
Mail-Followup-To: Cyrille Lefevre <cyrille.lefevre@laposte.net>,
	Pawel Jakub Dawidek <nick@garage.freebsd.pl>,
	freebsd-hackers@FreeBSD.ORG
References: <20020711105214.GJ12920@garage.freebsd.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020711105214.GJ12920@garage.freebsd.pl>
User-Agent: Mutt/1.3.99i
Organization: ACME
X-Face: V|+c;4!|B?E%BE^{E6);aI.[<<r#uCVjK"~Ke!@0vxS/.,wki/c|uVnNV!BA-_gY2sfoGc3
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Thu, Jul 11, 2002 at 12:52:14PM +0200, Pawel Jakub Dawidek wrote:
[snip]
> @@ -592,11 +577,19 @@
>  	}
>  
>  	(void) sprintf(n, CRON_TAB(User));
> +	chflags(n, 0);

please, backup old flags such as (oflags = chflags(n, 0)) since
you don't know if only UF_IMMUTABLE is used.

>  	if (rename(tn, n)) {
>  		warn("error renaming %s to %s", tn, n);
>  		unlink(tn);
>  		return (-2);
>  	}

then chflags(oflags|UF_IMMUTABLE).

> +	if (chflags(n, UF_IMMUTABLE) < OK)
> +	{
> +		warn("chflags");
> +		unlink(n);
> +		return (-2);
> +	}
> +
>  	log_it(RealUser, Pid, "REPLACE", User);
>  
>  	poke_daemon();

does this work w/ `sysctl kern.securelevel' > 0 ?

# man init

     1     Secure mode - the system immutable and system append-only flags may
			 ^^^^^^^^^^^^^^^^^^^^                              ^^^
           not be turned off; disks for mounted filesystems, /dev/mem, and
	   ^^^^^^^^^^^^^^^^^
           /dev/kmem may not be opened for writing; kernel modules (see
           kld(4)) may not be loaded or unloaded.

I guess no.

Cyrille.
-- 
Cyrille Lefevre                 mailto:cyrille.lefevre@laposte.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message