Package: cron
Version: 3.0pl1-104
Severity: grave

When in enforcing mode it would be a serious security hole if a cron job
was launched without setting the security context - this would be
exactly analogous to forgetting to call setgid() and setuid() before
launching a cron job.

The current version has code in do_command.c to skip the check if for
some reason the security context is not set.

One way that this might happen is if cron is started while the machine
is in permissive mode and the machine is set to enforcing mode while
cron is running.  Of course fixing this issue with cron won't address
the issue of a cron job that is already running.

Also there's the issue of code bugs.  It would be good if a bug in one
section of code which results in a field not being filled in would not
result in inappropriate privileges being granted in another section.

The following patch fixes this.

diff -ru /tmp/cron-3.0pl1.orig/do_command.c ./do_command.c
--- /tmp/cron-3.0pl1.orig/do_command.c  2008-09-19 22:59:45.000000000 +1000
+++ ./do_command.c      2008-09-20 14:51:21.000000000 +1000
@@ -331,13 +331,20 @@
                        fprintf(stdout,"error");
 #endif
 #ifdef WITH_SELINUX
-                       if ((is_selinux_enabled() > 0) && (u->scontext != 0L)) {
-                            if (setexeccon(u->scontext) < 0) {
-                                if (security_getenforce() > 0) {
-                                    fprintf(stderr, "Could not set exec 
context to %s for user  %s\n", u->scontext,u->name);
-                                    _exit(ERROR_EXIT);
-                                }
+                       if (is_selinux_enabled() > 0) {
+                           if (u->scontext != 0L) {
+                                if (setexeccon(u->scontext) < 0) {
+                                    if (security_getenforce() > 0) {
+                                        fprintf(stderr, "Could not set exec 
context to %s for user  %s\n", u->scontext,u->name);
+                                        _exit(ERROR_EXIT);
+                                    }
+                               }
                             }
+                           else if(security_getenforce() > 0)
+                           {
+                                fprintf(stderr, "Error, must have a security 
context for the cron job when in enforcing mode.\nUser %s.\n", u->name);
+                                _exit(ERROR_EXIT);
+                           }
                        }
 #endif
                         execle(shell, shell, "-c", e->cmd, (char *)0, jobenv);
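Review bot: The new `else if(security_getenforce() > 0)` branch, and the existing inner check after `setexeccon()` fails, still fail open when `security_getenforce()` returns -1. libselinux returns -1 when the enforcing state cannot be read, and the `> 0` test treats that the same as permissive, so the job reaches `execle()` without a context. Since the point of the change is to stop running jobs without a context, consider `security_getenforce() != 0` in both places so an unknown state is handled like enforcing. The outer `is_selinux_enabled() > 0` has the same shape: a -1 return skips the whole block. The refusal is also written only to stderr of the child; a syslog entry naming `u->name` would let an administrator see why jobs stopped running after a switch to enforcing mode. Style: the new branch puts its opening brace on a separate line and omits the space after `if`, unlike the `if (...) {` form used in the lines above it.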


