Bug 460070 - cronjobs in /etc/cron.d entries with an invalid username produce no error in the logs
Summary: cronjobs in /etc/cron.d entries with an invalid username produce no error in ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: vixie-cron
Version: 5.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Marcela Mašláňová
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-08-25 22:04 UTC by Chuck Berg
Modified: 2012-02-21 03:13 UTC (History)
4 users (show)

Fixed In Version: vixie-cron-4.1-78.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-21 03:13:11 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0304 0 normal SHIPPED_LIVE Low: vixie-cron security, bug fix, and enhancement update 2012-02-21 07:24:41 UTC

Description Chuck Berg 2008-08-25 22:04:57 UTC 
cron does not log any error when a line in a file in /etc/cron.d contains a username that does not exist. A very easy way for this to happen is someone forgetting that the files in /var/spool/cron/crontabs have a different format than /etc/cron.d.

To reproduce:
echo '* * * * * nosuchuser touch /tmp/nosuchuser-ran-a-cron-job' > /etc/cron.d/test1
echo '* * * * * root touch /tmp/root-ran-a-cron-job' > /etc/cron.d/test2

(the latter is the control)

tail -f /var/log/cron /var/log/messages

And watch as the valid cron line is run but no error is reported for the invalid one.

If you look at entry.c load_entry(), you see no error reporting for a failed "pw = getpwnam(username);" call.

This problem exists in at least RHEL 4 and 5, and presumably in all releases with /etc/cron.d support.
Comment 1 Marcela Mašláňová 2008-08-26 07:23:23 UTC 
Thank you for report. This bug was already fixed in upstream version.
Comment 2 RHEL Program Management 2009-03-26 16:55:01 UTC 
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 3 RHEL Program Management 2009-11-06 18:50:30 UTC 
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 7 RHEL Program Management 2010-08-09 18:39:55 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 9 RHEL Program Management 2011-01-11 21:06:47 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 10 RHEL Program Management 2011-01-12 15:17:49 UTC 
This request was erroneously denied for the current release of
Red Hat Enterprise Linux.  The error has been fixed and this
request has been re-proposed for the current release.
Comment 11 RHEL Program Management 2011-05-31 13:43:50 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 15 errata-xmlrpc 2012-02-21 03:13:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0304.html
Note You need to log in before you can comment on or make changes to this bug.