[illumos-Advocates] RTI for bug 864: at(1) should not popen /usr/bin/pwd

Albert Lee trisk at opensolaris.org
Sun May 15 15:58:34 PDT 2011 

I have no problem with leaving it be.

Thanks,
-Albert

On Sun, May 15, 2011 at 6:31 PM, Gordon Ross <gordon.w.ross at gmail.com> wrote:
> I'm happy to  act as approver on this, but just wanted to clarify:
> Albert, are you a happy reviewer, or do you want the nit fixed?
>
> Thanks,
> Gordon
>
> On Sun, May 15, 2011 at 3:20 PM, Gary Mills <mills at cc.umanitoba.ca> wrote:
>> I'm attaching the `hg export' output and mail_msg from a nightly run
>> with lint.
>>
>> Here's outgoing:
>>
>>    $ hg outgoing -v
>>    running ssh anonhg at hg.illumos.org "hg -R illumos-gate serve --stdio"
>>    remote: Not trusting file /export/illumos/hgrepos/illumos-gate/.hg/hgrc from untrusted user hg, group hg
>>    comparing with ssh://anonhg@hg.illumos.org/illumos-gate
>>    searching for changes
>>
>>    changeset:   13370:018413a6185b
>>    tag:         tip
>>    user:        Gary Mills <mills at cc.umanitoba.ca>
>>    date:        Sun May 15 13:49:21 2011 -0500
>>
>>    description:
>>        864 at(1) should not popen /usr/bin/pwd
>>        Reviewed by: Garrett D'Amore
>>
>>    modified:
>>       usr/src/cmd/cron/at.c
>>
>>    remote: Not trusting file /export/illumos/hgrepos/illumos-gate/.hg/hgrc from untrusted user hg, group hg
>>
>> This is a test under OI 148, with the newly-built executable installed
>> setuid root in /usr/local/bin:
>>
>>    $ /usr/local/bin/at now+1min
>>    at> echo "This is the fixed at"
>>    at> <EOT>
>>    commands will be executed using /bin/ksh
>>    job 1305319632.a at Fri May 13 15:47:12 2011
>>    $ /usr/local/bin/at -l
>>    user = mills          1305319632.a      Fri May 13 15:47:12 2011
>>
>> This is a test with the OI 148 executable run on Solaris 10.  In this
>> case, it was done from a restricted directory (700 permissions) that
>> was NFS-mounted with autofs.  Root was unable to run `pwd' in this
>> directory:
>>
>>    $ /opt/bin/at now+1min
>>    at> echo "This is in the restricted directory"
>>    at> pwd
>>    at> <EOT>
>>    commands will be executed using /bin/ksh
>>    job 1305460807.a at Sun May 15 07:00:07 2011
>>    $ /opt/bin/at -l
>>    1305460807.a       Sun May 15 07:00:07 2011
>>
>> The e-mail message said:
>>
>>    Your "at" job on eltanin
>>    "/var/spool/cron/atjobs/1305460807.a"
>>
>>    produced the following output:
>>
>>    This is in the restricted directory
>>    /home/uadmin/mills/restrict
>>
>>
>> --
>> -Gary Mills-        -Unix Group-        -Computer and Network Services-
>>
>> _______________________________________________
>> Advocates mailing list
>> Advocates at lists.illumos.org
>> http://lists.illumos.org/m/listinfo/advocates
>>
>>
>

More information about the Advocates mailing list