[Bug 1155929] New: cronie: run-crons: usage of checkproc is bogus
http://bugzilla.suse.com/show_bug.cgi?id=1155929

Bug ID: 1155929
Summary: cronie: run-crons: usage of checkproc is bogus
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: kstreitova@suse.com
Reporter: matthias.gerstner@suse.com
QA Contact: qa-bugs@suse.de
CC: aj@suse.com, mseben@gmail.com, per@computer.org, security-team@suse.de
Found By: ---
Blocker: ---

The SUSE specific `run-crons` script installed with the cronie package in
/usr/lib/cron/run-crons contains the following check before running a script
from any of the /etc/cron.{daily,...} directories:

```
function run_scripts (){
    [...]
    for SCRIPT in $CRONDIR/* ; do
        [...]
        /sbin/checkproc $SCRIPT && continue
        [...]
    done
    [...]
}
```

This usage of checkproc seemingly wants to avoid that a cron script is
executing multiple times at once. However, checkproc does not work when used
against scripts, it only works for binary executables. Therefore checkproc
will not detect a possibly already running instance and the condition should
never trigger.

Furthermore, if a real executable would be placed into one of the /etc/cron.*
directories then a regular user would be able to perform a DoS attack against
cronie, because the program can be started by the regular user and thus
prevent cronie from ever executing it as e.g. root.

Therefore I suggest to simply drop that checkproc line from the script.

--
You are receiving this mail because:
You are on the CC list for the bug.
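The check quoted in the report appears to aim at keeping one cron script from running twice at once. The following is an added example, not part of the bug report or of run-crons, showing one way to get that behaviour with a per-script `flock` lock instead of matching on running processes. The names `run_locked` and `LOCKDIR`, the default lock directory and the skip status 75 are assumptions made for the example.

```bash
#!/bin/sh
# Added example (not from run-crons): single-instance guard using flock(1).
# run_locked, LOCKDIR and the skip status 75 are hypothetical choices.

# Lock files live in a directory that only the invoking user (root for cron)
# can enter, so another account cannot open a lock file and hold the lock.
LOCKDIR="${LOCKDIR:-/run/cron-locks}"

# run_locked SCRIPT
#   Runs SCRIPT unless another run_locked call already holds its lock.
#   Returns SCRIPT's exit status, 75 if skipped, 1 on setup failure.
run_locked() {
    local script="$1" lock
    mkdir -p -m 0700 "$LOCKDIR" || return 1
    # One lock file per script path; '/' is flattened to '_' for the name.
    lock="$LOCKDIR/$(printf '%s' "$script" | tr '/' '_').lock"
    (
        # flock(2) works on any open descriptor, even a read-only one, so the
        # lock file itself is created 0600 as well.
        umask 077
        exec 9>>"$lock" || exit 1
        # Non-blocking: if another instance holds the lock, skip this run.
        flock -n 9 || exit 75
        # Close fd 9 for the script so a daemon it starts cannot inherit the
        # descriptor and keep the lock held after the script has finished.
        "$script" 9>&-
    )
}
```

The lock is tied to the open file, not to a PID or process name, so it behaves the same for interpreted scripts and binary executables and is released automatically when the subshell exits.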