Closed jsegitz closed 10 months ago
t8m
commented
10 months ago I disagree that crontab backups should have different readability than any other files created by various applications by default. IMO masking by the current UMASK is sufficient.
jsegitz
commented
10 months ago I disagree. Backups should have the same or stricter permissions than the original file.
t8m
commented
10 months ago If a PR is submitted I will consider it.
jsegitz
commented
10 months ago thank you. I'll open a PR
https://github.com/cronie-crond/cronie/blob/e6272db76d01876ab3106177ef65807cc708c560/src/crontab.c#L577
Since no mode is specified this will end up as 644 for some (most?) users. The crontab backup should only be readable for the current user (600). Obviously this is only a problem if the home directory can be traversed by other users, but it's a useful hardening