Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-process/vixie-cron/files/vixie-cron-3.0.1-selinux.diff
blob: eb8111986bf9310c80bc6eefeb9d69acff9b3205 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

--- vixie-cron-3.0.1/Makefile.selinux	2003-05-20 14:52:06.000000000 -0400
+++ vixie-cron-3.0.1/Makefile	2003-05-20 14:52:21.000000000 -0400
@@ -71,7 +71,8 @@ LINTFLAGS	=	-hbxa $(INCLUDE) $(COMPAT) $
 #<<want to use a nonstandard CC?>>
 #CC		=	vcc
 #<<manifest defines>>
-DEFS		= -s
+DEFS		= -s -DWITH_SELINUX
+LIBS		+= 	-lselinux
 #(SGI IRIX systems need this)
 #DEFS		=	-D_BSD_SIGNALS -Dconst=
 #<<the name of the BSD-like install program>>
--- vixie-cron-3.0.1/database.c.selinux	2003-05-20 14:52:56.000000000 -0400
+++ vixie-cron-3.0.1/database.c	2003-05-23 13:27:24.898020960 -0400
@@ -28,6 +28,15 @@ static char rcsid[] = "$Id: database.c,v
 #include <sys/stat.h>
 #include <sys/file.h>
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#define SYSUSERNAME "system_u"
+#else
+#define SYSUSERNAME "*system*"
+#endif
+
 
 #define TMAX(a,b) ((a)>(b)?(a):(b))
 
@@ -94,7 +103,7 @@ load_database(old_db)
 	new_db.head = new_db.tail = NULL;
 
 	if (syscron_stat.st_mtime) {
-		process_crontab("root", "*system*",
+		process_crontab("root", SYSUSERNAME,
 				SYSCRONTAB, &syscron_stat,
 				&new_db, old_db);
 	}
@@ -136,7 +145,7 @@ load_database(old_db)
 
 		snprintf(tabname, MAXNAMLEN+1, "/etc/cron.d/%s", fname);
 
-		process_crontab("root", "*system*", tabname,
+		process_crontab("root", SYSUSERNAME, tabname,
 				&crond_stat, &new_db, old_db);
 	}
 	closedir(dir);
@@ -253,7 +262,7 @@ process_crontab(uname, fname, tabname, s
 	int		crontab_fd = OK - 1;
 	user		*u;
 
-	if (strcmp(fname, "*system*") && !(pw = getpwnam(uname))) {
+	if (strcmp(fname, SYSUSERNAME) && !(pw = getpwnam(uname))) {
 		/* file doesn't have a user in passwd file.
 		 */
 		log_it(fname, getpid(), "ORPHAN", "no passwd entry");
@@ -297,6 +306,43 @@ process_crontab(uname, fname, tabname, s
 		free_user(u);
 		log_it(fname, getpid(), "RELOAD", tabname);
 	}
+#ifdef WITH_SELINUX
+	if (is_selinux_enabled())	{
+	  security_context_t  file_context=NULL;
+	  security_context_t   user_context=NULL;
+	  struct av_decision avd;
+	  int retval=0;
+
+	  if (fgetfilecon(crontab_fd, &file_context) < OK) {
+	    log_it(fname, getpid(), "getfilecon FAILED", tabname);
+	    goto next_crontab;
+	  }
+
+	  /*
+	   * Since crontab files are not directly executed,
+	   * crond must ensure that the crontab file has
+	   * a context that is appropriate for the context of
+	   * the user cron job.  It performs an entrypoint
+	   * permission check for this purpose.
+	   */
+	  if (get_default_context(fname, NULL, &user_context)) {
+	    log_it(fname, getpid(), "NO CONTEXT", tabname);
+	    freecon(file_context);
+	    goto next_crontab;
+	  }
+	  retval = security_compute_av(user_context,
+				       file_context,
+				       SECCLASS_FILE,
+				       FILE__ENTRYPOINT,
+				       &avd);
+	  freecon(user_context);
+	  freecon(file_context);
+	  if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+	    log_it(fname, getpid(), "ENTRYPOINT FAILED", tabname);
+	    goto next_crontab;
+	  }
+	}
+#endif
 	u = load_user(crontab_fd, pw, fname);
 	if (u != NULL) {
 		u->mtime = statbuf->st_mtime;
--- vixie-cron-3.0.1/do_command.c.selinux	2003-05-20 14:53:12.000000000 -0400
+++ vixie-cron-3.0.1/do_command.c	2003-05-20 14:58:06.000000000 -0400
@@ -29,6 +29,9 @@ static char rcsid[] = "$Id: do_command.c
 # include <syslog.h>
 #endif
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
 
 static void		child_process __P((entry *, user *)),
 			do_univ __P((user *));
@@ -251,6 +254,20 @@ child_process(e, u)
 			 */
 			(void) signal(SIGCHLD, SIG_DFL);
 #endif
+#ifdef WITH_SELINUX
+			if (is_selinux_enabled()) {
+			  security_context_t scontext;
+			  if (get_default_context(u->name, NULL, &scontext)) {
+			    fprintf(stderr, "execle_secure: couldn't get security context for user %s\n", u->name); 
+			    _exit(ERROR_EXIT);
+			  }
+			  if (setexeccon(scontext) < 0) {
+			    fprintf(stderr, "Could not set exec context to %s for user  %s\n", scontext,u->name);
+			    _exit(ERROR_EXIT);
+			  }
+			  freecon(scontext);
+			}
+#endif
 			execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
 			fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
 			perror("execl");