1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
diff -purN vixie-cron-4.1.orig/Makefile vixie-cron-4.1/Makefile
--- vixie-cron-4.1.orig/Makefile 2004-08-27 14:09:33.000000000 -0400
+++ vixie-cron-4.1/Makefile 2008-08-25 15:17:20.062720415 -0400
@@ -68,7 +68,8 @@ LINTFLAGS = -hbxa $(INCLUDE) $(DEBUGGING
#<<want to use a nonstandard CC?>>
CC = gcc -Wall -Wno-unused -Wno-comment
#<<manifest defines>>
-DEFS =
+DEFS = -s -DWITH_SELINUX
+LIBS += -lselinux
#(SGI IRIX systems need this)
#DEFS = -D_BSD_SIGNALS -Dconst=
#<<the name of the BSD-like install program>>
diff -purN vixie-cron-4.1.orig/database.c vixie-cron-4.1/database.c
--- vixie-cron-4.1.orig/database.c 2004-08-27 14:09:34.000000000 -0400
+++ vixie-cron-4.1/database.c 2008-08-27 08:19:37.948930858 -0400
@@ -28,6 +28,16 @@ static char rcsid[] = "# $Id$
#include "cron.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#include <selinux/get_context_list.h>
+#define SYSUSERNAME "system_u"
+#else
+#define SYSUSERNAME "*system*"
+#endif
+
#define TMAX(a,b) ((a)>(b)?(a):(b))
static void process_crontab(const char *, const char *,
@@ -183,7 +193,7 @@ process_crontab(const char *uname, const
if (fname == NULL) {
/* must be set to something for logging purposes.
*/
- fname = "*system*";
+ fname = SYSUSERNAME;
} else if ((pw = getpwnam(uname)) == NULL) {
/* file doesn't have a user in passwd file.
*/
@@ -245,6 +255,56 @@ process_crontab(const char *uname, const
free_user(u);
log_it(fname, getpid(), "RELOAD", tabname);
}
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()) {
+ security_context_t file_context=NULL;
+ security_context_t user_context=NULL;
+ struct av_decision avd;
+ int retval=0;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ if (fgetfilecon(crontab_fd, &file_context) < OK) {
+ log_it(fname, getpid(), "getfilecon FAILED", tabname);
+ goto next_crontab;
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (getseuserbyname(fname, &seuser, &level) < 0) {
+ log_it(fname, getpid(), "NO SEUSER", tabname);
+ goto next_crontab;
+ }
+
+ if (get_default_context_with_level(seuser, level, NULL, &user_context) < 0) {
+ log_it(fname, getpid(), "NO CONTEXT", tabname);
+ freecon(file_context);
+ free(seuser);
+ free(level);
+ goto next_crontab;
+ }
+
+ retval = security_compute_av(user_context,
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ freecon(user_context);
+ freecon(file_context);
+ free(seuser);
+ free(level);
+
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+ log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname);
+ goto next_crontab;
+ }
+ }
+#endif
u = load_user(crontab_fd, pw, fname);
if (u != NULL) {
u->mtime = statbuf->st_mtime;
diff -purN vixie-cron-4.1.orig/do_command.c vixie-cron-4.1/do_command.c
--- vixie-cron-4.1.orig/do_command.c 2004-08-27 14:09:34.000000000 -0400
+++ vixie-cron-4.1/do_command.c 2008-08-25 15:43:43.289174371 -0400
@@ -25,6 +25,11 @@ static char rcsid[] = "# $Id$
#include "cron.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+#endif
+
static void child_process(entry *, user *);
static int safe_p(const char *, const char *);
@@ -265,6 +270,29 @@ child_process(entry *e, user *u) {
_exit(OK_EXIT);
}
# endif /*DEBUGGING*/
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()) {
+ char *seuser=NULL;
+ char *level=NULL;
+ security_context_t scontext;
+
+ if (getseuserbyname(u->name, &seuser, &level) < 0) {
+ fprintf(stderr, "getseuserbyname: Could not determine seuser for user %s\n", u->name);
+ _exit(ERROR_EXIT);
+ }
+ if (get_default_context_with_level(seuser, level, NULL, &scontext) < 0) {
+ fprintf(stderr, "get_default_context_with_level: could not get security context for user %s, seuser %s\n", u->name, seuser);
+ _exit(ERROR_EXIT);
+ }
+ if (setexeccon(scontext) < 0) {
+ fprintf(stderr, "setexeccon: Could not set exec context to %s for user %s\n", scontext, u->name);
+ _exit(ERROR_EXIT);
+ }
+ free(seuser);
+ free(level);
+ freecon(scontext);
+ }
+#endif
execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
perror("execl");
|