--- vixie-cron-3.0.1/Makefile.selinux 2003-05-20 14:52:06.000000000 -0400 +++ vixie-cron-3.0.1/Makefile 2003-05-20 14:52:21.000000000 -0400 @@ -71,7 +71,8 @@ LINTFLAGS = -hbxa $(INCLUDE) $(COMPAT) $ #<> #CC = vcc #<> -DEFS = -s +DEFS = -s -DWITH_SELINUX +LIBS += -lselinux #(SGI IRIX systems need this) #DEFS = -D_BSD_SIGNALS -Dconst= #<> --- vixie-cron-3.0.1/database.c.selinux 2003-05-20 14:52:56.000000000 -0400 +++ vixie-cron-3.0.1/database.c 2003-05-23 13:27:24.898020960 -0400 @@ -28,6 +28,15 @@ static char rcsid[] = "$Id: database.c,v #include #include +#ifdef WITH_SELINUX +#include +#include +#include +#define SYSUSERNAME "system_u" +#else +#define SYSUSERNAME "*system*" +#endif + #define TMAX(a,b) ((a)>(b)?(a):(b)) @@ -94,7 +103,7 @@ load_database(old_db) new_db.head = new_db.tail = NULL; if (syscron_stat.st_mtime) { - process_crontab("root", "*system*", + process_crontab("root", SYSUSERNAME, SYSCRONTAB, &syscron_stat, &new_db, old_db); } @@ -136,7 +145,7 @@ load_database(old_db) snprintf(tabname, MAXNAMLEN+1, "/etc/cron.d/%s", fname); - process_crontab("root", "*system*", tabname, + process_crontab("root", SYSUSERNAME, tabname, &crond_stat, &new_db, old_db); } closedir(dir); @@ -253,7 +262,7 @@ process_crontab(uname, fname, tabname, s int crontab_fd = OK - 1; user *u; - if (strcmp(fname, "*system*") && !(pw = getpwnam(uname))) { + if (strcmp(fname, SYSUSERNAME) && !(pw = getpwnam(uname))) { /* file doesn't have a user in passwd file. */ log_it(fname, getpid(), "ORPHAN", "no passwd entry"); @@ -297,6 +306,43 @@ process_crontab(uname, fname, tabname, s free_user(u); log_it(fname, getpid(), "RELOAD", tabname); } +#ifdef WITH_SELINUX + if (is_selinux_enabled()) { + security_context_t file_context=NULL; + security_context_t user_context=NULL; + struct av_decision avd; + int retval=0; + + if (fgetfilecon(crontab_fd, &file_context) < OK) { + log_it(fname, getpid(), "getfilecon FAILED", tabname); + goto next_crontab; + } + + /* + * Since crontab files are not directly executed, + * crond must ensure that the crontab file has + * a context that is appropriate for the context of + * the user cron job. It performs an entrypoint + * permission check for this purpose. + */ + if (get_default_context(fname, NULL, &user_context)) { + log_it(fname, getpid(), "NO CONTEXT", tabname); + freecon(file_context); + goto next_crontab; + } + retval = security_compute_av(user_context, + file_context, + SECCLASS_FILE, + FILE__ENTRYPOINT, + &avd); + freecon(user_context); + freecon(file_context); + if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { + log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname); + goto next_crontab; + } + } +#endif u = load_user(crontab_fd, pw, fname); if (u != NULL) { u->mtime = statbuf->st_mtime; --- vixie-cron-3.0.1/do_command.c.selinux 2003-05-20 14:53:12.000000000 -0400 +++ vixie-cron-3.0.1/do_command.c 2003-05-20 14:58:06.000000000 -0400 @@ -29,6 +29,9 @@ static char rcsid[] = "$Id: do_command.c # include #endif +#ifdef WITH_SELINUX +#include +#endif static void child_process __P((entry *, user *)), do_univ __P((user *)); @@ -251,6 +254,20 @@ child_process(e, u) */ (void) signal(SIGCHLD, SIG_DFL); #endif +#ifdef WITH_SELINUX + if (is_selinux_enabled()) { + security_context_t scontext; + if (get_default_context(u->name, NULL, &scontext)) { + fprintf(stderr, "execle_secure: couldn't get security context for user %s\n", u->name); + _exit(ERROR_EXIT); + } + if (setexeccon(scontext) < 0) { + fprintf(stderr, "Could not set exec context to %s for user %s\n", scontext,u->name); + _exit(ERROR_EXIT); + } + freecon(scontext); + } +#endif execle(shell, shell, "-c", e->cmd, (char *)0, e->envp); fprintf(stderr, "execl: couldn't exec `%s'\n", shell); perror("execl");