Bug#766053: systemd-cron cannot edit user crontabs
Alexandre Detiste
alexandre.detiste at gmail.com
Wed Dec 10 09:01:34 GMT 2014
control: tags -1 fixed-upstream
Hi,
I'm still working on this last major bug of systemd-cron.
I came up with this setuid helper that is called by crontab when needed:
https://github.com/systemd-cron/systemd-cron/blob/setuid/src/bin/crontab_setuid.c
I avoided the most obvious pitfalls: string format attacks,
tmp files/symlinks attacks (it uses stdin/stdout to pass crontab data);
and I made it as bare as possible.
Please review it.
Alexandre
--
systemd-cron postinst script needs to do this too:
chown root:root /var/spool/cron/crontabs
chmod 770 /var/spool/cron/crontabs