From: millert <millert@openbsd.org>
Date: Mon, 5 Jun 2017 01:42:45 +0000 (+0000)
Subject: Set the group on cron's Unix domain socket _before_ making it
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a100c69009c31ed1ea8053792a930c646545cea4;p=openbsd

Set the group on cron's Unix domain socket _before_ making it
group-writable, not after.  Pointed out by Solar Designer.
---

diff --git a/usr.sbin/cron/cron.c b/usr.sbin/cron/cron.c
index 57262e8d296..2a76ae249c4 100644
--- a/usr.sbin/cron/cron.c
+++ b/usr.sbin/cron/cron.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cron.c,v 1.74 2016/01/11 14:23:50 millert Exp $	*/
+/*	$OpenBSD: cron.c,v 1.75 2017/06/05 01:42:45 millert Exp $	*/
 
 /* Copyright 1988,1990,1993,1994 by Paul Vixie
  * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
@@ -462,7 +462,6 @@ open_socket(void)
 		syslog(LOG_ERR, "(CRON) DEATH (can't listen on socket)");
 		exit(EXIT_FAILURE);
 	}
-	chmod(s_un.sun_path, 0660);
 	if (grp != NULL) {
 		/* pledge won't let us change files to a foreign group. */
 		if (setegid(grp->gr_gid) == 0) {
@@ -470,6 +469,7 @@ open_socket(void)
 			(void)setegid(getgid());
 		}
 	}
+	chmod(s_un.sun_path, 0660);
 
 	return(sock);
 }