Bug#766053: systemd-cron cannot edit user crontabs

Lorenzo lory.fulgi at infinito.it
Wed Dec 10 14:35:42 GMT 2014


On 12/10/2014 10:01 AM, Alexandre Detiste wrote:
> control: tags -1 fixed-upstream
>
> Hi,
>
> I'm still working on this last major bug of systemd-cron.
>
> I came up with this setuid helper, that is called by crontab when needed:
> https://github.com/systemd-cron/systemd-cron/blob/setuid/src/bin/crontab_setuid.c
>
> I avoided the most obvious pitfalls: string format attacks,
> tmp files/symlinks attacks (it uses stdin/stdout to pass crontab data);
> and I made it as bare as possible.
>
> Please review it
>
> Alexandre
>
> --
>
> systemd-cron postinst script needs to do this too:
> 	chown root:root /var/spool/cron/crontabs
> 	chmod 770 /var/spool/cron/crontabs
>
Please forget about my comment about switching ids, not enough coffee 
today :(
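The two pitfalls named in the quoted message (symlink attacks on the spool and passing crontab data over stdin rather than temp files) can be illustrated with a short sketch. This is an added example, not part of the thread and not the code in the linked `crontab_setuid.c`; the function names, the size cap, and the temp directory standing in for `/var/spool/cron/crontabs` are assumptions, and the `ELOOP` check assumes Linux.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_CRONTAB (256 * 1024)   /* assumed size cap, not from the thread */
/* The user name becomes a file name inside the spool: refuse anything that
 * could leave the directory or create a hidden file. */
int valid_user(const char *u) {
    return u && *u && *u != '.' && !strchr(u, '/') && strlen(u) < 64;
}

/* Copy crontab data from in_fd (stdin in a real helper) to <spool>/<user>.
 * openat() on an already-open directory fd plus O_NOFOLLOW refuses a planted symlink. */
int store_crontab(int spool_fd, const char *user, int in_fd) {
    char buf[4096];
    ssize_t n; size_t total = 0;
    if (!valid_user(user)) { errno = EINVAL; return -1; }
    int out = openat(spool_fd, user,
                     O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (out < 0) return -1;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        total += (size_t)n;
        if (total > MAX_CRONTAB || write(out, buf, (size_t)n) != n) { close(out); return -1; }
    }
    return close(out) == 0 && n == 0 ? 0 : -1;
}

/* Constructed check: a temp dir stands in for the crontab spool. Returns 1 on success. */
int demo(void) {
    char dir[] = "/tmp/spoolXXXXXX", got[32] = {0};
    int p[2], ok = 1;
    if (!mkdtemp(dir) || pipe(p)) return 0;
    int d = open(dir, O_RDONLY | O_DIRECTORY);
    if (write(p[1], "0 5 * * * true\n", 15) != 15) return 0;
    close(p[1]);
    ok &= store_crontab(d, "alice", p[0]) == 0;
    int f = openat(d, "alice", O_RDONLY);
    ok &= read(f, got, sizeof got - 1) == 15 && !strcmp(got, "0 5 * * * true\n");
    ok &= symlinkat("victim", d, "mallory") == 0;          /* planted symlink */
    ok &= store_crontab(d, "mallory", p[0]) == -1 && errno == ELOOP;
    ok &= faccessat(d, "victim", F_OK, 0) == -1;           /* target never created */
    ok &= store_crontab(d, "../root", p[0]) == -1 && errno == EINVAL;
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```

A production helper would also write to a temporary name in the spool and rename it into place, so a failed copy never leaves a truncated crontab behind.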



