Bug#766053: systemd-cron cannot edit user crontabs
Alexandre Detiste
alexandre.detiste at gmail.com
Mon Oct 20 16:21:09 BST 2014
Dear cron maintainer,
Some systemd-cron users have discovered that the crontab program shipped
with systemd-cron can't work for users != root because it is a python script
and the setgid bit has no effect on these.
I'm myself a newbie in the upstream team, and the two other upstreams
which have already agreed to relicense and let me merge their respective (half-)projects
are not interrested to mess with a setgid C program that can be a security hole.
The easiest & safest solution for me is to ask you to generate an extra standalone 'crontab' package at the end of your build.
Here is a sample git tree:
https://github.com/a-detiste/crontab/commit/37ce687a58187d3cce610b28c1fad47854576584
This may not cleanly apply on top of http://anonscm.debian.org/cgit/pkg-cron/pkg-cron.git ,
because this repository is not up-to-date and doesn't include the Nmu's.
I added Ansgar in CC, as he may knows.
PS: please forgive me for using your quote here :-)
http://users.teledisnet.be/ade15809/cron-daemon.html
Alexandre Detiste
Le lundi 20 octobre 2014, 15:35:46 Yuri D'Elia a écrit :
> On 10/20/2014 03:23 PM, Alexandre Detiste wrote:
> > Hi,
> >
> > I have already discussed this bug with the two other upstreams:
> > https://github.com/systemd-cron/systemd-cron/issues/15
> >
> > They don't really want to mess with a setuid C program that is a potential security hole.
> >
> >
>
> Splitting crontab into a separate package would definitely be the way to
> go IMHO. It's true that we don't really need another implementation, and
> the proposed work-arounds are not good enough.
>
> Did you already ask the cron maintainers if such a patch will be accepted?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20141020/1a775db6/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list