Red Hat Bugzilla – Bug 177476
minder process should run as job user with user context
Last modified: 2007-11-30 17:11:20 EST
Description of problem:
On Tuesday 27 December 2005 11:12, Russell Coker <email@example.com> wrote:
> What do you think of my idea from the above message about having the
> cron code that manages passing data to the mail process running in the
> user context?
> Among other things it will close a channel between cron jobs of
> different users which will help in proving the more strict policies to
> be correct.
Currently, crond forks a child "minder" process, which forks the grandchild
"job" process which sets its userid, gid and execution context to that of
the user, while the minder process continues running as root with crond_t
context, and may then exec sendmail (or a mailer program) to read the pipe
- the pipe between them is then has crond_t context .
Making the minder process open the PAM session, change the userid, and
change to user SELinux context before opening the pipe and forking the
job process would avoid this issue, making it possible to implement
more secure SELinux policy, and also cleaning up the code.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Run a cron job as a non root user
The pipe to the mailer is owned by root with system crond_t context,
and the mailer runs as root.
The mailer should run as the job user and the pipe should have user context.
This bug is now fixed with vixie-cron-4.1-44 in rawhide-20060110 (FC5t3).