Apply by doing: cd /usr/src/usr.sbin/cron patch -p0 < 012_cron.patch And then reinstall cron. Index: config.h =================================================================== RCS file: /cvs/src/usr.sbin/cron/config.h,v retrieving revision 1.2 retrieving revision 1.4 diff -u -r1.2 -r1.4 --- config.h 1998/03/30 06:59:41 1.2 +++ config.h 1999/08/29 08:51:55 1.4 @@ -42,12 +42,14 @@ */ #define MAILCMD _PATH_SENDMAIL /*-*/ -#define MAILARGS "%s -FCronDaemon -odi -oem -oi -or0s -t" /*-*/ +#define MAILARGS "%s -FCronDaemon -odi -oem -oi -t" /*-*/ /* -Fx = set full-name of sender * -odi = Option Deliverymode Interactive * -oem = Option Errors Mailedtosender - * -or0s = Option Readtimeout -- don't time out * -t = read recipient from header of message + * NOTE: since this runs as the user, not root you must + * not specify any args that will cause sendmail + * to drop its suidness (see op.me for a list). */ /* #define MAILCMD "/bin/mail" -*/ Index: cron.h =================================================================== RCS file: /cvs/src/usr.sbin/cron/cron.h,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- cron.h 1997/12/22 08:10:41 1.2 +++ cron.h 1999/08/28 20:13:13 1.3 @@ -231,7 +231,7 @@ entry *load_entry __P((FILE *, void (*)(), struct passwd *, char **)); -FILE *cron_popen __P((char *, char *)); +FILE *cron_popen __P((char *, char *, entry *)); /* in the C tradition, we only create Index: do_command.c =================================================================== RCS file: /cvs/src/usr.sbin/cron/do_command.c,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- do_command.c 1998/05/08 20:17:18 1.5 +++ do_command.c 1999/08/28 20:13:13 1.6 @@ -387,7 +387,7 @@ (void) gethostname(hostname, MAXHOSTNAMELEN); (void) snprintf(mailcmd, sizeof(mailcmd), MAILARGS, MAILCMD); - if (!(mail = cron_popen(mailcmd, "w"))) { + if (!(mail = cron_popen(mailcmd, "w", e))) { perror(MAILCMD); (void) _exit(ERROR_EXIT); } Index: popen.c =================================================================== RCS file: /cvs/src/usr.sbin/cron/popen.c,v retrieving revision 1.2 retrieving revision 1.5 diff -u -r1.2 -r1.5 --- popen.c 1998/03/30 06:59:47 1.2 +++ popen.c 1999/08/30 10:45:37 1.5 @@ -44,8 +44,9 @@ static int fds; FILE * -cron_popen(program, type) +cron_popen(program, type, e) char *program, *type; + entry *e; { register char *cp; FILE *iop; @@ -80,6 +81,7 @@ for (argc = 0, cp = program; argc < MAX_ARGS; cp = NULL) if (!(argv[argc++] = strtok(cp, " \t\n"))) break; + argv[MAX_ARGS] = NULL; #if WANT_GLOBBING /* glob each piece */ @@ -118,6 +120,15 @@ (void)close(pdes[0]); } (void)close(pdes[1]); + } + if (e) { + setgid(e->gid); +#if defined(BSD) + initgroups(env_get("LOGNAME", e->envp), e->gid); +#endif + setlogin(env_get("LOGNAME", e->envp)); + setuid(e->uid); + chdir(env_get("HOME", e->envp)); } #if WANT_GLOBBING execvp(gargv[0], gargv);