Bug 177476 - minder process should run as job user with user context
Summary: minder process should run as job user with user context
Alias: None
Product: Fedora
Classification: Fedora
Component: vixie-cron   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Marcela Mašláňová
QA Contact: Brock Organ
Depends On:
TreeView+ depends on / blocked
Reported: 2006-01-10 22:54 UTC by Jason Vas Dias
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version: vixie-cron-4.1-50.FC5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-29 13:27:44 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Jason Vas Dias 2006-01-10 22:54:37 UTC
Description of problem:

On Tuesday 27 December 2005 11:12, Russell Coker <rcoker@redhat.com> wrote:
>  https://www.redhat.com/archives/fedora-selinux-list/2005-December/msg00163.html
>  What do you think of my idea from the above message about having the
>  cron code that manages passing data to the mail process running in the
>  user context?
>  Among other things it will close a channel between cron jobs of
>  different users which will help in proving the more strict policies to
>  be correct.

Currently, crond forks a child "minder" process, which forks the grandchild
"job" process which sets its userid, gid and execution context to that of
the user, while the minder process continues running as root with crond_t
context, and may then exec sendmail (or a mailer program) to read the pipe
- the pipe between them is then has crond_t context .

Making the minder process open the PAM session, change the userid, and
change to user SELinux context before opening the pipe and forking the
job process would avoid this issue, making it possible to implement
more secure SELinux policy, and also cleaning up the code.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Run a cron job as a non root user
Actual results:
The pipe to the mailer is owned by root with system crond_t context,
and the mailer runs as root.

Expected results:
The mailer should run as the job user and the pipe should have user context.

Comment 1 Jason Vas Dias 2006-01-10 23:28:36 UTC
This bug is now fixed with vixie-cron-4.1-44 in rawhide-20060110 (FC5t3).

Note You need to log in before you can comment on or make changes to this bug.