Bug 177476
Summary: | minder process should run as job user with user context | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jason Vas Dias <jvdias> |
Component: | vixie-cron | Assignee: | Marcela Mašláňová <mmaslano> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | rcoker |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | vixie-cron-4.1-50.FC5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-08-29 13:27:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
This bug is now fixed with vixie-cron-4.1-44 in rawhide-20060110 (FC5t3). |
Description of problem: On Tuesday 27 December 2005 11:12, Russell Coker <rcoker> wrote: > https://www.redhat.com/archives/fedora-selinux-list/2005-December/msg00163.html > > What do you think of my idea from the above message about having the > cron code that manages passing data to the mail process running in the > user context? > > Among other things it will close a channel between cron jobs of > different users which will help in proving the more strict policies to > be correct. > Currently, crond forks a child "minder" process, which forks the grandchild "job" process which sets its userid, gid and execution context to that of the user, while the minder process continues running as root with crond_t context, and may then exec sendmail (or a mailer program) to read the pipe - the pipe between them is then has crond_t context . Making the minder process open the PAM session, change the userid, and change to user SELinux context before opening the pipe and forking the job process would avoid this issue, making it possible to implement more secure SELinux policy, and also cleaning up the code. Version-Release number of selected component (if applicable): all How reproducible: 100% Steps to Reproduce: Run a cron job as a non root user Actual results: The pipe to the mailer is owned by root with system crond_t context, and the mailer runs as root. Expected results: The mailer should run as the job user and the pipe should have user context.