[Bug 185531] Review Request: fcron, a task scheduler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: fcron, a task scheduler


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185531





------- Additional Comments From pertusus@xxxxxxx  2006-03-18 07:01 EST -------
(In reply to comment #11)
> answers to comment #10:
> 

> * fcrondyn should be suid fcron and not root.

I don't think so. I think that it shouldn't be setuid, and files in /etc/fcron.*
be owned by root and 0644. And it shouldn't be fcrondyn that checks the
/etc/fcron.{allow,deny}. If I'm not wrong, fcron does check, but I think that
fcrondyn shouldn't check at all. Not a big deal. 

> * fcronsighup has to be suid root: the idea of this very small program is to 
> be suid root so as it can send a signal to fcron daemon, while being very 
> small to ensure maximum security.

Correct me if I'm wrong, but this program is used by fcrontab to signal fcron
that it should reread the configuration, right? In that case I don't see why any
user could be allowed to send a SIGHUP to fcron, only the fcron user.

More generaly shouldn't it be better to set up a unix socket setup by fcron to
communicate with the fcron user, in a directory and with permissions such that
only that user may send something in that socket? Having a setuid root binary
uniquely to be able for the fcron user to signal to fcron that the config has
changed seems to me an uneeded security risk?

I say that because you are the maintainer, and it is more like a request for
enhancement ;-). Especially since it is allready something much more
complicated, but similar with what I ask, that is used by fcrondyn. For the
fedora package, I guess we'll have to go with the setuid root, but maybe we
could arrange things such that only the fcron user may run the program.

> * concerning the rights about fcron: I think the question should rather be: 
> why would we add more rights to fcron binary than it needs ? The less rights, 
> the more secure!

Not necessarilly. Any user should be able to read the binary, for example to do
md5sum or whatever. It opens a security risk if a user has to become root just
to do a md5sum on the binary. concerning the execute bits, they are harmless
anyway as the real control is on the ressources that are used as root. I am not
familiar enough with fcron to understand if it has to be run as root (for
example if it access files that are root-owned) but I can't see why a user
shouldn't be able to run it instead of root, especially to try to understand a
issue.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

-- 
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list

[Index of Archives]     [Fedora General Discussion]     [Fedora Art]     [Fedora Docs]     [Fedora Package Review]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite Backpacking]     [KDE Users]

  Powered by Linux