[Bug 185531] Review Request: fcron, a task scheduler
bugzilla at redhat.com
bugzilla at redhat.com
Sat Mar 18 22:11:19 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: fcron, a task scheduler
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185531
------- Additional Comments From pertusus at free.fr 2006-03-18 17:11 EST -------
(In reply to comment #13)
> Yes, I guess it wouldn't be a real security risk if /etc/fcron.* files were
> 644. It is good to limit as much as possible the amount of information an
> attacker has, but in this case we may remove the suid bits from fcrondyn if we
> allow every one to read the /etc/fcron.*. However please note that fcrondyn
> does drop its setuid rights as soon as it does not need them anymore, which
> limits the potential harm.
In fact I believe that both sides have pros and cons (information leak versus a
possibility of doing something unwanted as the fcron user). It seems to me that
in the fedora rpm the config files should be 0644 and fcrondyn not setuid fcron,
as it is how it is done in the whole distro. Alain, what do you think about that?
> I'm not sure I understand you ... do you mean "why a non priviledged user
> could not send a signal to fcron daemon?"
> In this case, you should know that a user can only send a signal to one of its
> processes. This implies that fcronsighup has to be root (or have root rights)
> to send a signal to fcron daemon which is run by root.
I understand perfectly the issue, what I was saying is that the only
unpriviledged user that should be allowed to send this signal to fcron should be
the fcron user.
What about having fcronsighup with the following rights:
-rwsr-x--- root fcron
or
-rwsr-xr-- root fcron
> Actually the best way to do it would be to use dnotify (or inotify) to be
> informed by the kernel itself about changes in /var/spool/fcron instead of
> relying on fcronsighup. This is on the to-do list, but not done yet ... if
> anyone wants to have a go, please do ;)
I can only say that seems seems the best way to go, at least much better than
what I proposed ;-)
> fcron runs the job with the user rights of the owner of the job. It has to be
> root to be able to change its rights to user's ones.
Ok, so if the user wants only to run his jobs, then he can run it, so it should
be executable by anyone.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the fedora-extras-list
mailing list