From a100c69009c31ed1ea8053792a930c646545cea4 Mon Sep 17 00:00:00 2001
From: millert
Date: Mon, 5 Jun 2017 01:42:45 +0000
Subject: [PATCH] Set the group on cron's Unix domain socket _before_ making it group-writable, not after. Pointed out by Solar Designer.
---
 usr.sbin/cron/cron.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr.sbin/cron/cron.c b/usr.sbin/cron/cron.c
index 57262e8d296..2a76ae249c4 100644
--- a/usr.sbin/cron/cron.c
+++ b/usr.sbin/cron/cron.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cron.c,v 1.74 2016/01/11 14:23:50 millert Exp $ */
+/* $OpenBSD: cron.c,v 1.75 2017/06/05 01:42:45 millert Exp $ */
 /* Copyright 1988,1990,1993,1994 by Paul Vixie
 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
@@ -462,7 +462,6 @@ open_socket(void)
 syslog(LOG_ERR, "(CRON) DEATH (can't listen on socket)");
 exit(EXIT_FAILURE);
 }
- chmod(s_un.sun_path, 0660);
 if (grp != NULL) {
 /* pledge won't let us change files to a foreign group. */
 if (setegid(grp->gr_gid) == 0) {
@@ -470,6 +469,7 @@ open_socket(void)
 (void)setegid(getgid());
 }
 }
+ chmod(s_un.sun_path, 0660);
 return(sock);
 }
--
2.20.1
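Review bot: The relocated `chmod(s_un.sun_path, 0660);` in the last hunk still runs unconditionally, so the socket becomes group-writable even when `grp` is NULL or `setegid(grp->gr_gid)` fails, and the group that gains write access is then whatever the socket node was created with rather than the intended one. The call that actually changes the group sits on a line between the two hunks that is not shown, so whether its result is checked cannot be confirmed from here; if it is not, a failure there has the same effect. I would record whether the group change succeeded and widen the mode only in that case, e.g. `if (group_set && chmod(s_un.sun_path, 0660) != 0)` followed by a syslog warning, where `group_set` is a new local flag. The return value of `chmod` is also ignored, so a failure silently leaves the socket unusable for the group. The body of open_socket starts outside the hunk.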