--- at-3.1.10/at.c.perm 2006-11-14 12:26:27.000000000 +0100 +++ at-3.1.10/at.c 2006-11-14 12:28:15.000000000 +0100 @@ -144,17 +144,12 @@ */ if (fcreated) { /* - PRIV_START - We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ setregid(real_gid, effective_gid); unlink(atfile); setregid(effective_gid, real_gid); - /* - PRIV_END - */ } exit(EXIT_FAILURE); } @@ -314,18 +309,18 @@ * bit. Yes, this is a kluge. */ cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); - seteuid(real_uid); + seteuid(effective_uid); if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) perr("Cannot create atjob file %.500s", atfile); - seteuid(effective_uid); + //seteuid(effective_uid); if ((fd2 = dup(fd)) < 0) perr("Error in dup() of job file"); - /* + if (fchown(fd2, real_uid, real_gid) != 0) perr("Cannot give away file"); - */ + PRIV_END @@ -656,6 +651,7 @@ We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ +// PRIV_START setregid(real_gid, effective_gid); if (queue == '=') { @@ -668,17 +664,17 @@ setregid(effective_gid, real_gid); done = 1; - +// PRIV_END break; case CAT: { FILE *fp; int ch; - + // PRIV_START setregid(real_gid, effective_gid); fp = fopen(dirent->d_name, "r"); - + // PRIV_END if (fp) { while ((ch = getc(fp)) != EOF) { putchar(ch); --- at-3.1.10/Makefile.in.perm 2006-11-14 12:26:27.000000000 +0100 +++ at-3.1.10/Makefile.in 2006-11-14 12:26:27.000000000 +0100 @@ -97,7 +97,7 @@ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR) $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d - $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT) $(ATSPOOL_DIR) + $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) chmod 700 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) touch $(IROOT)$(LFILE) chmod 600 $(IROOT)$(LFILE)
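Review bot: In the hunk at -314,18 the new `seteuid(effective_uid);` before `open()` ignores its return value, and the job file's initial owner now depends on that call having taken effect. Check it the way the neighbouring calls are checked, e.g. `if (seteuid(effective_uid) != 0) perr("Cannot switch to effective uid");`. The disabled `//seteuid(effective_uid);` line should be deleted rather than left commented out, since it reads as if a privilege switch was lost by accident. With `fchown()` now live, the file belongs to the effective uid until the hand-over succeeds; whether `PRIV_END` afterwards returns to the real uid cannot be seen from this hunk, and the enclosing function starts and ends outside it.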
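Review bot: The `// PRIV_START` and `// PRIV_END` lines added in the hunks at -656,6 and -668,17 are commented-out macro names rather than explanations, and the first hunk of this same patch deletes exactly this kind of marker. A reader cannot tell whether the macros were disabled on purpose; replace the markers with one real comment such as `/* gid is switched by hand with setregid(); PRIV_START/PRIV_END are not used here */`. The `setregid()` calls they bracket also ignore their return values, so `fopen(dirent->d_name, "r")` in the CAT case would run under unchanged group ids if the switch failed; `if (setregid(real_gid, effective_gid) != 0) perr("Cannot set group id");` would catch that. Both bodies continue outside the hunks.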
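Review bot: The spool directory is still created with `-m 755` and only tightened by the `chmod 700` on the following line, so it is briefly world-readable during install. Creating it with its final mode, `$(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 700 -d $(IROOT)$(ATSPOOL_DIR)`, removes that window, and the same applies to the `$(ATJOB_DIR)` line above it. The install rule continues outside the hunk.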