[illumos-Developer] Webrev for bug 864: at(1) should not popen /usr/bin/pwd
Gary Mills
mills at cc.umanitoba.ca
Sat May 14 06:58:18 PDT 2011
This is for illumos bug 864: at(1) should not popen /usr/bin/pwd.
My webrev is at:
http://cr.illumos.org/view/rcb94hjq/illumos864/
It passes cstyle and lint.
Most of my testing was done on OI 148. Here's an example, after
installing it in /usr/local/bin and making it setuid root:
$ /usr/local/bin/at now+1min
at> echo "This is the fixed at"
at> <EOT>
commands will be executed using /bin/ksh
job 1305319632.a at Fri May 13 15:47:12 2011
$ /usr/local/bin/at -l
user = mills 1305319632.a Fri May 13 15:47:12 2011
This is an example on an NFS-mounted home directory, with the OI 148
executable running on Solaris 10:
$ /opt/bin/at now+1min
at> echo "This is in a restricted directory"
at> pwd
at> <EOT>
commands will be executed using /bin/ksh
job 1305320993.a at Fri May 13 16:09:53 2011
$ root
Password:
cannot access parent directories
# pwd
cannot access parent directories
The e-mail said:
Your "at" job on eltanin
"/var/spool/cron/atjobs/1305320993.a"
produced the following output:
This is in a restricted directory
/home/uadmin/mills/restrict
--
-Gary Mills- -Unix Group- -Computer and Network Services-
More information about the Developer
mailing list