Bug ID: 1155929
Summary: cronie: run-crons: usage of checkproc is bogus
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: kstreitova@suse.com
Reporter: matthias.gerstner@suse.com
QA Contact: qa-bugs@suse.de
CC: aj@suse.com, mseben@gmail.com, per@computer.org, security-team@suse.de
Found By: ---
Blocker: ---

The SUSE-specific `run-crons` script installed with the cronie package in
/usr/lib/cron/run-crons contains the following check before running a script
from any of the /etc/cron.{daily,...} directories:

```
function run_scripts (){
    [...]
    for SCRIPT in $CRONDIR/* ; do
        [...]
        /sbin/checkproc $SCRIPT && continue
        [...]
    done
    [...]
}
```

This usage of checkproc seemingly wants to prevent a cron script from
executing multiple times at once. However, checkproc does not work when used
against scripts; it only works for binary executables. Therefore checkproc
will not detect a possibly already running instance and the condition should
never trigger.

Furthermore, if a real executable were placed into one of the
/etc/cron.* directories, then a regular user would be able to perform a DoS
attack against cronie, because the program can be started by the regular user
and thus prevent cronie from ever executing it as e.g. root.

Therefore I suggest simply dropping that checkproc line from the script.
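Why a path-based check cannot see a running script, as an added example that is not part of the original report or of run-crons. It assumes checkproc identifies processes by the executable path behind /proc/<pid>/exe; `exe_match`, `probe_running_script` and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not code from run-crons or checkproc.
# Assumption: the check compares a path with the /proc/<pid>/exe link.

# exe_match PATH: succeed if any readable process has PATH as its executable.
# The match is by path only; the owner of the process is never considered.
exe_match() {
    target=$(readlink -f "$1") || return 2
    for link in /proc/[0-9]*/exe; do
        exe=$(readlink "$link" 2>/dev/null) || continue
        if [ "$exe" = "$target" ]; then
            return 0
        fi
    done
    return 1
}

# probe_running_script: start a constructed cron-style script and print
#   script=<0|1> interp=<0|1>    (1 = exe_match found a running process)
probe_running_script() {
    dir=$(mktemp -d) || return 2
    script="$dir/sample-cron-job"      # constructed sample, not a real job
    printf '%s\n' '#!/bin/sh' 'i=0' \
        'while [ $i -lt 30 ]; do sleep 1; i=$((i+1)); done' > "$script"
    chmod 700 "$script"
    "$script" >/dev/null 2>&1 &
    pid=$!
    sleep 1                            # give the kernel time to exec it
    # For a script, the exe link names the interpreter, not the script file.
    interp=$(readlink "/proc/$pid/exe") || interp=""
    if exe_match "$script"; then s=1; else s=0; fi
    if exe_match "$interp"; then i=1; else i=0; fi
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rm -rf "$dir"
    echo "script=$s interp=$i"
}

probe_running_script
```

The script path never matches while the script is running, and the interpreter path matches for any process of any user running that binary.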

