Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cronie for openSUSE:Factory checked in at 2024-07-22 17:14:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cronie (Old) and /work/SRC/openSUSE:Factory/.cronie.new.17339 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cronie" Mon Jul 22 17:14:12 2024 rev:94 rq:1188846 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/cronie/cronie.changes 2024-05-01 14:55:50.496579028 +0200 +++ /work/SRC/openSUSE:Factory/.cronie.new.17339/cronie.changes 2024-07-22 17:14:27.732786499 +0200 @@ -1,0 +2,6 @@ +Tue Jul 9 10:02:29 UTC 2024 - Johannes Segitz <jsegitz@suse.com> + +- Improve permissions checks in run-cron. Just check if the permission + matches completely. Otherwise e.g. setgid directories causes failures + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ run-crons ++++++ --- /var/tmp/diff_new_pack.5IpvW3/_old 2024-07-22 17:14:29.564860082 +0200 +++ /var/tmp/diff_new_pack.5IpvW3/_new 2024-07-22 17:14:29.568860243 +0200 @@ -104,22 +104,15 @@ SECURE_PERMISSIONS="${SECURE_DIR_PERMISSIONS:-755}" for CRONDIR in /etc/cron.{hourly,daily,weekly,monthly} ; do test -d $CRONDIR || continue - # this is racy but better than nothing + # these checks are racy but better than nothing if [ ! "$ENFORCE_ROOT_OWNER_GROUP_DIR" = "no" ] && [ ! -O $CRONDIR -o ! -G $CRONDIR ]; then echo "wrong owner/group for $CRONDIR, skipping" | logger continue fi ACTUAL_PERMISSIONS=$(stat -c %a $CRONDIR) - # to have this default to false would be better, but would require a more - # complicated logic in the loop - PERMISSIONS_ARE_SECURE=true - for (( i=0; i<${#ACTUAL_PERMISSIONS}; i++ )); do - if [ "${ACTUAL_PERMISSIONS:$i:1}" -gt "${SECURE_PERMISSIONS:$i:1}" ]; then - PERMISSIONS_ARE_SECURE=false - fi - done - if [ ! "$PERMISSIONS_ARE_SECURE" = true ]; then - echo "wrong permissions $ACTUAL_PERMISSIONS for $CRONDIR, expecting $SECURE_PERMISSIONS. Skipping" | logger + + if [ ! "${ACTUAL_PERMISSIONS}" = "${SECURE_PERMISSIONS}" ]; then + echo "wrong permissions $ACTUAL_PERMISSIONS for $CRONDIR, expecting $SECURE_PERMISSIONS (see SECURE_DIR_PERMISSIONS in /etc/sysconfig/cron). Skipping" | logger continue fi
participants (1)
-
Source-Sync