1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
--- vixie-cron-3.0.1/Makefile.selinux 2003-05-20 14:52:06.000000000 -0400
+++ vixie-cron-3.0.1/Makefile 2003-05-20 14:52:21.000000000 -0400
@@ -71,7 +71,8 @@ LINTFLAGS = -hbxa $(INCLUDE) $(COMPAT) $
#<<want to use a nonstandard CC?>>
#CC = vcc
#<<manifest defines>>
-DEFS =
+DEFS = -s -DWITH_SELINUX
+LIBS += -lselinux
#(SGI IRIX systems need this)
#DEFS = -D_BSD_SIGNALS -Dconst=
#<<the name of the BSD-like install program>>
--- vixie-cron-3.0.1/database.c.selinux 2003-05-20 14:52:56.000000000 -0400
+++ vixie-cron-3.0.1/database.c 2003-05-23 13:27:24.898020960 -0400
@@ -28,6 +28,15 @@
#include "cron.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#define SYSUSERNAME "system_u"
+#else
+#define SYSUSERNAME "*system*"
+#endif
+
#define TMAX(a,b) ((a)>(b)?(a):(b))
static void process_crontab(const char *, const char *,
@@ -217,7 +226,7 @@
if (fname == NULL) {
/* must be set to something for logging purposes.
*/
- fname = "*system*";
+ fname = SYSUSERNAME;
} else if ((pw = getpwnam(uname)) == NULL) {
/* file doesn't have a user in passwd file.
*/
@@ -279,6 +288,43 @@
free_user(u);
log_it(fname, getpid(), "RELOAD", tabname);
}
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()) {
+ security_context_t file_context=NULL;
+ security_context_t user_context=NULL;
+ struct av_decision avd;
+ int retval=0;
+
+ if (fgetfilecon(crontab_fd, &file_context) < OK) {
+ log_it(fname, getpid(), "getfilecon FAILED", tabname);
+ goto next_crontab;
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (get_default_context(fname, NULL, &user_context)) {
+ log_it(fname, getpid(), "NO CONTEXT", tabname);
+ freecon(file_context);
+ goto next_crontab;
+ }
+ retval = security_compute_av(user_context,
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ freecon(user_context);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+ log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname);
+ goto next_crontab;
+ }
+ }
+#endif
u = load_user(crontab_fd, pw, fname);
if (u != NULL) {
u->mtime = statbuf->st_mtime;
--- vixie-cron-3.0.1/do_command.c.selinux 2003-05-20 14:53:12.000000000 -0400
+++ vixie-cron-3.0.1/do_command.c 2003-05-20 14:58:06.000000000 -0400
@@ -25,6 +25,10 @@
#include "cron.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
static void child_process(entry *, user *);
static int safe_p(const char *, const char *);
@@ -265,6 +269,20 @@
_exit(OK_EXIT);
}
# endif /*DEBUGGING*/
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()) {
+ security_context_t scontext;
+ if (get_default_context(u->name, NULL, &scontext)) {
+ fprintf(stderr, "execle_secure: couldn't get security context for user %s\n", u->name);
+ _exit(ERROR_EXIT);
+ }
+ if (setexeccon(scontext) < 0) {
+ fprintf(stderr, "Could not set exec context to %s for user %s\n", scontext,u->name);
+ _exit(ERROR_EXIT);
+ }
+ freecon(scontext);
+ }
+#endif
execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
perror("execl");
|
