|
|
ad6487 |
diff -up cronie-1.4.11/src/security.c.ppp cronie-1.4.11/src/security.c
|
|
|
ad6487 |
--- cronie-1.4.11/src/security.c.ppp 2013-07-18 14:27:08.000000000 +0200
|
|
|
ad6487 |
+++ cronie-1.4.11/src/security.c 2013-08-30 14:00:15.263788467 +0200
|
|
|
ad6487 |
@@ -129,15 +129,13 @@ int cron_set_job_security_context(entry
|
|
|
ad6487 |
}
|
|
|
ad6487 |
#endif
|
|
|
ad6487 |
|
|
|
ad6487 |
- *jobenv = build_env(e->envp);
|
|
|
ad6487 |
-
|
|
|
ad6487 |
#ifdef WITH_SELINUX
|
|
|
ad6487 |
/* we must get the crontab context BEFORE changing user, else
|
|
|
ad6487 |
* we'll not be permitted to read the cron spool directory :-)
|
|
|
ad6487 |
*/
|
|
|
ad6487 |
security_context_t ucontext = 0;
|
|
|
ad6487 |
|
|
|
ad6487 |
- if (cron_get_job_range(u, &ucontext, *jobenv) < OK) {
|
|
|
ad6487 |
+ if (cron_get_job_range(u, &ucontext, e->envp) < OK) {
|
|
|
ad6487 |
log_it(e->pwd->pw_name, getpid(), "ERROR",
|
|
|
ad6487 |
"failed to get SELinux context", 0);
|
|
|
ad6487 |
return -1;
|
|
|
ad6487 |
@@ -165,6 +163,8 @@ int cron_set_job_security_context(entry
|
|
|
ad6487 |
return -1;
|
|
|
ad6487 |
}
|
|
|
ad6487 |
|
|
|
ad6487 |
+ *jobenv = build_env(e->envp);
|
|
|
ad6487 |
+
|
|
|
ad6487 |
time_t job_run_time = time(0L);
|
|
|
ad6487 |
|
|
|
ad6487 |
if ((minutely_time > 0) && ((job_run_time / 60) != (minutely_time / 60))) {
|
|
|
ad6487 |
@@ -615,11 +615,18 @@ int crontab_security_access(void) {
|
|
|
ad6487 |
*/
|
|
|
ad6487 |
static char **build_env(char **cronenv) {
|
|
|
ad6487 |
#ifdef WITH_PAM
|
|
|
ad6487 |
- char **jobenv;
|
|
|
ad6487 |
- char **pamenv = pam_getenvlist(pamh);
|
|
|
ad6487 |
+ char **jobenv = pam_getenvlist(pamh);
|
|
|
ad6487 |
char *cronvar;
|
|
|
ad6487 |
int count = 0;
|
|
|
ad6487 |
- jobenv = env_copy(pamenv);
|
|
|
ad6487 |
+
|
|
|
ad6487 |
+ if (jobenv == NULL) {
|
|
|
ad6487 |
+ jobenv = env_init();
|
|
|
ad6487 |
+ if (jobenv == NULL) {
|
|
|
ad6487 |
+ log_it("CRON", getpid(),
|
|
|
ad6487 |
+ "ERROR", "Initialization of cron environment variables failed", 0);
|
|
|
ad6487 |
+ return NULL;
|
|
|
ad6487 |
+ }
|
|
|
ad6487 |
+ }
|
|
|
ad6487 |
|
|
|
ad6487 |
/* Now add the cron environment variables. Since env_set()
|
|
|
ad6487 |
* overwrites existing variables, this will let cron's
|