Bug ID | 1155929 |
---|---|
Summary | cronie: run-crons: usage of checkproc is bogus |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.1 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Basesystem |
Assignee | kstreitova@suse.com |
Reporter | matthias.gerstner@suse.com |
QA Contact | qa-bugs@suse.de |
CC | aj@suse.com, mseben@gmail.com, per@computer.org, security-team@suse.de |
Found By | --- |
Blocker | --- |

The SUSE-specific `run-crons` script installed with the cronie package in /usr/lib/cron/run-crons contains the following check before running a script from any of the /etc/cron.{daily,...} directories:

```
function run_scripts (){
    [...]
    for SCRIPT in $CRONDIR/* ; do
        [...]
        /sbin/checkproc $SCRIPT && continue
        [...]
    done
    [...]
}
```

This usage of checkproc seemingly is meant to prevent a cron script from executing multiple times at once. However, checkproc does not work when used against scripts; it only works for binary executables. Therefore checkproc will not detect a possibly already running instance and the condition should never trigger.

Furthermore, if a real executable were placed into one of the /etc/cron.* directories, then a regular user would be able to perform a DoS attack against cronie, because the program can be started by the regular user and thus prevent cronie from ever executing it as e.g. root.

Therefore I suggest simply dropping that checkproc line from the script.
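The script-versus-binary mismatch described in the report, shown as an added example that is not part of the original report and is not code from checkproc or run-crons. `running_by_exe` is a hypothetical, simplified stand-in that assumes an executable-based lookup through Linux `/proc/<pid>/exe`; the sample cron script is constructed.

```bash
#!/bin/bash
# Added example. Assumes Linux /proc; running_by_exe is a hypothetical stand-in
# for an executable-based process lookup, not checkproc's actual code.

# Succeed if any process visible to us has /proc/<pid>/exe equal to the path.
running_by_exe() {
    local target pid_dir
    target=$(readlink -f "$1") || return 2
    for pid_dir in /proc/[0-9]*; do
        # exe is unreadable for other users' processes: treated as no match
        if [ "$(readlink "$pid_dir/exe" 2>/dev/null)" = "$target" ]; then
            return 0
        fi
    done
    return 1
}

# Case 1: a cron-style shell script is running. The kernel records the
# interpreter as the process executable, so the script path never matches.
script_case() {
    local dir rc=0 pid
    dir=$(mktemp -d)
    printf '#!/bin/sh\nsleep 2\n' > "$dir/job"   # constructed sample script
    chmod +x "$dir/job"
    "$dir/job" & pid=$!
    sleep 1                                      # give it time to exec
    running_by_exe "$dir/job" || rc=$?
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    rm -rf "$dir"
    return "$rc"
}

# Case 2: a real binary is running. Any instance of it matches by path,
# regardless of which user started it.
binary_case() {
    local bin rc=0 pid
    bin=$(command -v sleep)
    "$bin" 3 & pid=$!
    sleep 1
    running_by_exe "$bin" || rc=$?
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    return "$rc"
}

if script_case; then echo "script: matched"; else echo "script: running, but NOT matched"; fi
if binary_case; then echo "binary: matched"; else echo "binary: not matched"; fi
```
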