Description of problem: On Tuesday 27 December 2005 11:12, Russell Coker <rcoker> wrote: > https://www.redhat.com/archives/fedora-selinux-list/2005-December/msg00163.html > > What do you think of my idea from the above message about having the > cron code that manages passing data to the mail process running in the > user context? > > Among other things it will close a channel between cron jobs of > different users which will help in proving the more strict policies to > be correct. > Currently, crond forks a child "minder" process, which forks the grandchild "job" process which sets its userid, gid and execution context to that of the user, while the minder process continues running as root with crond_t context, and may then exec sendmail (or a mailer program) to read the pipe - the pipe between them is then has crond_t context . Making the minder process open the PAM session, change the userid, and change to user SELinux context before opening the pipe and forking the job process would avoid this issue, making it possible to implement more secure SELinux policy, and also cleaning up the code. Version-Release number of selected component (if applicable): all How reproducible: 100% Steps to Reproduce: Run a cron job as a non root user Actual results: The pipe to the mailer is owned by root with system crond_t context, and the mailer runs as root. Expected results: The mailer should run as the job user and the pipe should have user context.
This bug is now fixed with vixie-cron-4.1-44 in rawhide-20060110 (FC5t3).