716628 – sys-process/bcron installs bcrontab as setuid root when it shouldn't

Bug 716628 - sys-process/bcron installs bcrontab as setuid root when it shouldn't

Summary: sys-process/bcron installs bcrontab as setuid root when it shouldn't

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-04-08 01:06 UTC by Kevin Korb
Modified:	2020-05-23 02:27 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kevin Korb 2020-04-08 01:06:50 UTC

The bcrontab binary should not be SUID root.  It works fine with 0750 permissions and the SUID root bit actually breaks crontab -e for any user other than root.

Reproducible: Always

Steps to Reproduce:
1.run 'crontab -e' as a non-root user in the cron group
2.
3.
Actual Results:  
You will be dumped into $EDITOR running as you but told to open a file that is owned by root and is 0600.

Expected Results:  
If you chmod 0750 /usr/bin/bcrontab it works fine.

Comment 1 Étienne Buira 2020-05-23 02:27:30 UTC

Happens here too with bcron-0.11

Caused by blindly using cron eclass' defaults (which includes suid).

This patch fixes this issue:
diff --git a/sys-process/bcron/bcron-0.11.ebuild b/sys-process/bcron/bcron-0.11.ebuild
index 81b2a47..7603fc1 100644
--- a/sys-process/bcron/bcron-0.11.ebuild
+++ b/sys-process/bcron/bcron-0.11.ebuild
@@ -37,7 +37,7 @@ src_configure() {
 src_install() {
        default
 
-       docrontab bcrontab
+       docrontab bcrontab -m 0750 -o root -g cron
        docrondir -o cron -g cron
        docrondir /var/spool/cron/tmp -o cron -g cron