[pkg-ntp-maintainers] Bug#261213: ntp-server: Chdir to / in cron job for selinux

Erich Schubert erich at debian.org
Sun Aug 6 00:34:59 UTC 2006


Hi,
> Considering that, with exceptions, all cron jobs are run as root, this 
> would then mean that every cron job would have to do a cd / first so it 
> can do anything.  That is clearly unreasonable.  SELinux needs to be 
> fixed or there will be plenty of problems like this.

I think there is a "dontaudit" in the policy because of that for some
time now.
But actually you might WANT to know when some process is trying to
access /root when it's not supposed to do so.
And the cron jobs clearly should not access /root which may contain
things such as /root/.ssh/authorized_keys which for example is worth
protecting. Maybe even
.netrc or something which contains some password, if the admin is
careless.

I don't see much wrong with the root cronjobs using HOME=/ per default.

I mean, it's not the home directory of the cronjob, is it?

best regards,
Erich Schubert
-- 
    erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C    (o_
   It's not denial. I'm just selective about the reality I accept.   //\
  Wer keine Zeit mehr mit echten Freunden verbringt, der wird bald   V_/_
          sein Gleichgewicht verlieren. --- Michael Levine





More information about the pkg-ntp-maintainers mailing list