Enhancement suggestion: additional security #90
Comments
|
Hmm, what is the difference here from any other execution of scripts or binaries by root? I do not think crond should be special in this regard. I do not think I am going to add such feature. |
|
Difference is that crond is unattended. If I'm running a script as root at the command line there is a presumption I know what I am running (though clearly there are attack vectors there too, such as users putting a hacked binary with the same name as a system command like ls into their own directory hoping root will run it - one of the reasons why root should not have ./ in its path). I can take a cron script being run by root and writeable by a non privileged user and create a privilege escalation attack vector from that and no one will be the wiser since it's all happening unattended. |
|
The only check from the above that might be acceptable is refusing to exec world-writeable stuff. All the other cases might be legitimate use-cases. And no, I do not see as "all happening unattended" making any real difference. |
I'd like to suggest an additional security feature.
Cron refuses to execute commands/scripts where any of the following apply:
If any apply, cron outputs an error message instead of the command / script output
The main idea is to avoid execution by root of files editable by non privileged users, but is applicable in general to any user.
While not 100% foolproof (it does not stop inclusion of other files in scripts) it provides a first level of protection for an issue which may not be apparent to users setting up a cron job that has to be executed by root
The feature could be deliberately overridden by a command line parameter.
The text was updated successfully, but these errors were encountered: