Summary: Review Request: fcron, a task scheduler
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185531

------- Additional Comments From pertusus@xxxxxxx 2006-03-18 07:01 EST -------

(In reply to comment #11)
> answers to comment #10:
>
> * fcrondyn should be suid fcron and not root.

I don't think so. I think that it shouldn't be setuid, and files in
/etc/fcron.* be owned by root and 0644. And it shouldn't be fcrondyn that
checks the /etc/fcron.{allow,deny}. If I'm not wrong, fcron does check, but I
think that fcrondyn shouldn't check at all. Not a big deal.

> * fcronsighup has to be suid root: the idea of this very small program is to
> be suid root so as it can send a signal to fcron daemon, while being very
> small to ensure maximum security.

Correct me if I'm wrong, but this program is used by fcrontab to signal fcron
that it should reread the configuration, right? In that case I don't see why
any user could be allowed to send a SIGHUP to fcron, only the fcron user.

More generally, shouldn't it be better to set up a unix socket, set up by
fcron, to communicate with the fcron user, in a directory and with permissions
such that only that user may send something to that socket? Having a setuid
root binary uniquely so that the fcron user is able to signal to fcron that the
config has changed seems to me an unneeded security risk? I say that because
you are the maintainer, and it is more like a request for enhancement ;-).
Especially since it is already something much more complicated, but similar to
what I ask, that is used by fcrondyn.

For the fedora package, I guess we'll have to go with the setuid root, but
maybe we could arrange things such that only the fcron user may run the
program.

> * concerning the rights about fcron: I think the question should rather be:
> why would we add more rights to fcron binary than it needs ? The less rights,
> the more secure!

Not necessarily. Any user should be able to read the binary, for example to do
md5sum or whatever. It opens a security risk if a user has to become root just
to do a md5sum on the binary. Concerning the execute bits, they are harmless
anyway as the real control is on the resources that are used as root. I am not
familiar enough with fcron to understand if it has to be run as root (for
example if it accesses files that are root-owned) but I can't see why a user
shouldn't be able to run it instead of root, especially to try to understand an
issue.

--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
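The alternative the reviewer sketches above (a unix socket created by the daemon in a directory whose ownership and mode limit who can reach it, replacing a setuid root signalling helper) is illustrated below as an added example. It is not fcron's code and not part of the bug report. It assumes Linux, where `SO_PEERCRED` lets the server ask the kernel for the connecting process's uid, so the "only the fcron user may signal" rule is enforced by the daemon rather than by a privileged binary; the directory name `fcron`, the socket name `sighup.sock` and the `RELOAD` request line are constructed for the demo.

```python
import os
import socket
import stat
import struct
import tempfile
import threading

# Linux-specific: SO_PEERCRED returns struct ucred {pid, uid, gid} as three native ints.
UCRED_FMT = "3i"


def current_uid():
    return os.getuid()


def is_peer_allowed(peer_uid, allowed_uid):
    """Policy: only the designated daemon user may request a config reload."""
    return peer_uid == allowed_uid


def check_socket_dir(path, owner_uid):
    """The socket's directory must be a real directory owned by owner_uid with mode 0700,
    so no other user can connect to (or replace) the socket inside it."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == owner_uid
            and stat.S_IMODE(st.st_mode) == 0o700)


def peer_uid_of(conn):
    """Ask the kernel who is on the other end; the client cannot forge this."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(UCRED_FMT))
    _pid, uid, _gid = struct.unpack(UCRED_FMT, raw)
    return uid


def serve_one(sock_path, allowed_uid, ready, result):
    """Daemon side: accept one connection, check peer credentials, act on a RELOAD request."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        srv.bind(sock_path)
        os.chmod(sock_path, 0o600)   # extra layer; the directory mode is the real gate
        srv.listen(1)
        ready.set()
        conn, _ = srv.accept()
        with conn:
            uid = peer_uid_of(conn)
            request = conn.recv(64)
            if is_peer_allowed(uid, allowed_uid) and request == b"RELOAD\n":
                result["action"] = "reload"     # a real daemon would re-read its config here
                conn.sendall(b"OK\n")
            else:
                result["action"] = "rejected"
                conn.sendall(b"DENIED\n")
    finally:
        srv.close()


def demo(allowed_uid):
    """Run daemon and client in one process. Returns the daemon's decision:
    "reload" when the connecting uid matches allowed_uid, "rejected" otherwise."""
    with tempfile.TemporaryDirectory() as tmp:
        run_dir = os.path.join(tmp, "fcron")      # constructed stand-in for a runtime dir
        os.mkdir(run_dir)
        os.chmod(run_dir, 0o700)                   # mkdir's mode is umask-filtered; set it explicitly
        if not check_socket_dir(run_dir, os.getuid()):
            raise RuntimeError("socket directory has unsafe ownership or mode")
        sock_path = os.path.join(run_dir, "sighup.sock")
        ready, result = threading.Event(), {}
        t = threading.Thread(target=serve_one, args=(sock_path, allowed_uid, ready, result))
        t.start()
        ready.wait(5)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        with cli:
            cli.connect(sock_path)
            cli.sendall(b"RELOAD\n")
            result["reply"] = cli.recv(16)
        t.join(5)
        return result["action"]


if __name__ == "__main__":
    me = current_uid()
    print("same user  ->", demo(me))        # reload
    print("other user ->", demo(me + 1))    # rejected
```

Both halves matter: the 0700 directory stops other users from even reaching the socket, and the `SO_PEERCRED` check means that if the directory permissions are ever loosened by mistake, the daemon still refuses requests from any uid other than the one it was told to trust.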