Bug 177476 - minder process should run as job user with user context
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: vixie-cron
Version: rawhide
Platform: All Linux
Priority: medium, Severity: medium
Assigned To: Marcela Mašláňová
QA Contact: Brock Organ
Reported: 2006-01-10 17:54 EST by Jason Vas Dias
Modified: 2007-11-30 17:11 EST (History)

Fixed In Version: vixie-cron-4.1-50.FC5
Doc Type: Bug Fix
Last Closed: 2006-08-29 09:27:44 EDT


Description Jason Vas Dias 2006-01-10 17:54:37 EST
Description of problem:

On Tuesday 27 December 2005 11:12, Russell Coker <rcoker@redhat.com> wrote:
>  https://www.redhat.com/archives/fedora-selinux-list/2005-December/msg00163.html
>  
>  What do you think of my idea from the above message about having the
>  cron code that manages passing data to the mail process running in the
>  user context?
>  
>  Among other things it will close a channel between cron jobs of
>  different users which will help in proving the more strict policies to
>  be correct.
>

Currently, crond forks a child "minder" process, which forks the grandchild
"job" process which sets its userid, gid and execution context to those of
the user, while the minder process continues running as root with crond_t
context, and may then exec sendmail (or a mailer program) to read the pipe;
the pipe between them then has crond_t context.

Making the minder process open the PAM session, change the userid, and
change to user SELinux context before opening the pipe and forking the
job process would avoid this issue, making it possible to implement
more secure SELinux policy, and also cleaning up the code.

Version-Release number of selected component (if applicable):
all

How reproducible:
100%

Steps to Reproduce:
Run a cron job as a non root user
  
Actual results:
The pipe to the mailer is owned by root with system crond_t context,
and the mailer runs as root.

Expected results:
The mailer should run as the job user and the pipe should have user context.
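As an added illustration of the ordering change the report proposes (this is example code written here, not vixie-cron source and not the reporter's code): a pipe's owner, as seen through fstat(), is the effective uid of the process that called pipe(), and under SELinux the pipe's label likewise derives from the creating process's context. The sketch below forks a "minder" that either drops to the job user before creating the job-to-mailer pipe (the proposed order) or creates the pipe first and drops afterwards (the order the description criticises), and reports the resulting pipe owner back to the parent. Only ownership is checked; reading the SELinux label would additionally need libselinux (fgetfilecon), which is left out. The function names, the status pipe and the use of the "nobody" account in main() are all assumptions made for the example.

```c
/* Added example (not vixie-cron code): shows why the order "drop to the
 * job user, THEN create the mail pipe and fork the job" matters.  A pipe's
 * owner (st_uid) is the effective uid of the process that called pipe();
 * under SELinux its label likewise derives from the creator's context. */
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch to uid/gid.  Only root can change identity, so when
 * already unprivileged this succeeds only if we are already that user.
 * Order matters: supplementary groups, then gid, then uid, and the drop
 * is verified to be irreversible.  Returns 0 on success, -1 on failure. */
int drop_to_user(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return (getuid() == uid && getgid() == gid) ? 0 : -1;
    if (uid == 0)
        return 0;                      /* nothing to drop */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)                /* must fail: saved uid is gone */
        return -1;
    return 0;
}

/* Fork a "minder".  With drop_first set it changes identity before creating
 * the job->mailer pipe (the proposed order); otherwise it creates the pipe
 * with its current identity and drops afterwards (the order the report
 * describes).  The pipe owner uid is sent back to the parent over a
 * separate status pipe.  Returns the owner uid, or (uid_t)-1 on error. */
uid_t minder_pipe_owner(int drop_first, uid_t uid, gid_t gid)
{
    int status[2];
    uid_t owner = (uid_t)-1;
    pid_t pid;

    if (pipe(status) != 0)
        return (uid_t)-1;
    pid = fork();
    if (pid < 0)
        return (uid_t)-1;
    if (pid == 0) {                    /* minder */
        int mail[2];
        struct stat st;
        close(status[0]);
        if (!drop_first || drop_to_user(uid, gid) == 0) {
            if (pipe(mail) == 0 && fstat(mail[0], &st) == 0)
                owner = st.st_uid;
            /* the job would be forked here, inheriting whatever identity
             * the minder has at this point */
            if (!drop_first)
                (void)drop_to_user(uid, gid);   /* too late for the pipe */
        }
        if (write(status[1], &owner, sizeof owner) != (ssize_t)sizeof owner)
            _exit(1);
        _exit(0);
    }
    close(status[1]);                  /* crond side */
    if (read(status[0], &owner, sizeof owner) != (ssize_t)sizeof owner)
        owner = (uid_t)-1;
    close(status[0]);
    waitpid(pid, NULL, 0);
    return owner;
}

/* Stand-alone demo: as root, compare both orders for the "nobody" account
 * (an assumed job user); unprivileged, it can only show the proposed order
 * with the caller's own uid. */
int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    struct passwd *pw = geteuid() == 0 ? getpwnam("nobody") : NULL;
    if (pw) {
        uid = pw->pw_uid;
        gid = pw->pw_gid;
        printf("pipe created before drop: owner uid %u\n",
               (unsigned)minder_pipe_owner(0, uid, gid));
    }
    printf("pipe created after drop:  owner uid %u (job user %u)\n",
           (unsigned)minder_pipe_owner(1, uid, gid), (unsigned)uid);
    return 0;
}
```

Run as root, the first line shows the pipe owned by uid 0 (the situation in "Actual results") and the second shows it owned by the job user; run unprivileged, only the second case is possible and it simply confirms that the pipe follows the creator's identity. The same ordering principle is what lets the PAM session and SELinux context switch happen once, in the minder, before anything the job and mailer share is created.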
Comment 1 Jason Vas Dias 2006-01-10 18:28:36 EST
This bug is now fixed with vixie-cron-4.1-44 in rawhide-20060110 (FC5t3).
