464960 – sys-process/dcron - hanging jobs cause crontab updates to be ignored

Bug 464960 - sys-process/dcron - hanging jobs cause crontab updates to be ignored

Summary: sys-process/dcron - hanging jobs cause crontab updates to be ignored

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-04-07 15:05 UTC by Alex Efros
Modified:	2019-10-20 16:53 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Efros 2013-04-07 15:05:14 UTC

When process started by dcron doesn't exit or fork in background dcron will wait until it exit and until that happens it doesn't check for crontab updates (/var/spool/cron/crontabs/cron.update).

This is security issue because any user may add this to his crontab:
* * * * * sleep 86400
and in next 24 hours no one (including root) will be able to update their crontabs.

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2014-03-21 18:32:56 UTC

(In reply to Alex Efros from comment #0)
> When process started by dcron doesn't exit or fork in background dcron will
> wait until it exit and until that happens it doesn't check for crontab
> updates (/var/spool/cron/crontabs/cron.update).
> 
> This is security issue because any user may add this to his crontab:
> * * * * * sleep 86400

Not _any_ user. It would be a security issue if you trusted all users to set a crontab, but we already have the cron group for that.

Comment 2 Pacho Ramos gentoo-dev

2019-10-20 16:53:25 UTC

This is an upstream issue I think
http://www.jimpryor.net/linux/dcron.html