cronie-crond / cronie

Cronie cron daemon project

Backups of crontab are world readable if UMASK isn't strict enough #171

Closed jsegitz closed 6 months ago

jsegitz commented 6 months ago

https://github.com/cronie-crond/cronie/blob/e6272db76d01876ab3106177ef65807cc708c560/src/crontab.c#L577

Since no mode is specified, this will end up as 644 for some (most?) users. The crontab backup should only be readable for the current user (600). Obviously this is only a problem if the home directory can be traversed by other users, but it's a useful hardening.

t8m commented 6 months ago

I disagree that crontab backups should have different readability than any other files created by various applications by default. IMO masking by the current UMASK is sufficient.

jsegitz commented 6 months ago

I disagree. Backups should have the same or stricter permissions than the original file.

t8m commented 6 months ago

If a PR is submitted I will consider it.

jsegitz commented 6 months ago

Thank you. I'll open a PR.
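
The permission behaviour debated in this thread, as an added example that is not part of the thread or of cronie's source. It assumes the backup is created by a call that takes no mode argument, such as fopen(), and compares that with an explicit 0600 create; the function names, scratch directory and crontab line are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* mkdtemp, fdopen, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not cronie code; names and file contents are constructed. */
static int mode_of(const char *path) { /* permission bits, or -1 on error */
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}
/* Baseline: fopen() takes no mode, so the file is created 0666 & ~umask. */
static int backup_default(const char *path, const char *data) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f) == 0 ? mode_of(path) : -1;
}
/* Hardened: explicit 0600; refuses an existing file or a symlink at path. */
static int backup_private(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    FILE *f = fdopen(fd, "w");
    if (!f) { close(fd); unlink(path); return -1; }
    fputs(data, f);
    return fclose(f) == 0 ? mode_of(path) : -1;
}
/* Write both backups in a scratch directory under the given umask and
 * report the resulting permission bits of each file. */
static int demo(mode_t mask, int *loose, int *strict) {
    char dir[] = "/tmp/cronbak-XXXXXX", a[64], b[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/default.bak", dir);
    snprintf(b, sizeof b, "%s/private.bak", dir);
    mode_t old = umask(mask);
    *loose = backup_default(a, "0 3 * * * /usr/local/bin/job\n");
    *strict = backup_private(b, "0 3 * * * /usr/local/bin/job\n");
    umask(old);
    unlink(a); unlink(b); rmdir(dir);
    return 0;
}

int main(void) {
    int loose, strict;
    if (demo(022, &loose, &strict) != 0) return 1;
    printf("umask 022: fopen -> %03o, open(0600) -> %03o\n", loose, strict);
    return 0;
}
```

With a umask of 077 both files come out 0600, which is the case where relying on the umask alone is enough; the explicit mode only changes the outcome for looser umasks such as 022.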