Make vixie cron mode actually work, and work safely

I suspect nobody has used the legacy cron mode in a long time, possibly
ever. If you look at the changes I've made, you'll probably see why I suspect
this. I happen to have tried to use it so that one of my users could use the
format he was familiar with, and ended up making a lot of necessary fixes -
some just to make it work, but many to achieve the most basic of security
requirements.

If anyone has mcron's crontab script installed setuid-root and is on a system
that respects the setuid bit of scripts, or has manually created a setuid
wrapper around the crontab script, they should apply these patches
ASAP.

ulfvonbelow (5):
  cron: use signal numbers instead of symbols.
  Makefile.am: don't install cron as setuid.
  config.scm.in: rename to config.scm.in.in, substitute from Makefile.
  crontab: split into crontab and setuid helper crontab-access.
  crontab-access: replace with wrapper, rename to crontab-access-real.

 Makefile.am                                   |  53 +++-
 configure.ac                                  |  10 +-
 src/crontab-access-real.in                    |  45 ++++
 src/crontab-access.c.in                       |  10 +
 src/mcron/{config.scm.in => config.scm.in.in} |   1 +
 src/mcron/scripts/cron.scm                    |   2 +-
 src/mcron/scripts/crontab-access.scm          | 121 +++++++++
 src/mcron/scripts/crontab.scm                 | 255 ++++++++----------
 8 files changed, 338 insertions(+), 159 deletions(-)
 create mode 100644 src/crontab-access-real.in
 create mode 100644 src/crontab-access.c.in
 rename src/mcron/{config.scm.in => config.scm.in.in} (97%)
 create mode 100644 src/mcron/scripts/crontab-access.scm

--
2.38.1

This commit is contained in:

ulfvonbelow

2023-02-02 19:29:47 +00:00

• committed by

Dale Mellor

parent cbce8eb293

commit 9211d46225

Signed by:

khleedril

GPG key ID: CA471FD501618A49

Make vixie cron mode actually work, and work safely

Diff content is not available