]> granicus.if.org Git - cronie/log
cronie
12 years agosyscrontab, the system crontab, is not mandatory anymore.
Marcela Mašláňová [Tue, 19 Jun 2012 11:31:16 +0000 (13:31 +0200)]
syscrontab, the system crontab, is not mandatory anymore.

Cronie can be build without it. The patch was based on complaints of distribution without /etc/crontab file.

https://fedorahosted.org/cronie/ticket/10

12 years agoSendmail doesn't have to be installed.
Marcela Mašláňová [Wed, 13 Jun 2012 14:21:50 +0000 (16:21 +0200)]
Sendmail doesn't have to be installed.

The info message should make sense.

https://fedorahosted.org/cronie/ticket/15

12 years agoPreviously, crond exited in the signal handler for SIGINT and SIGTERM.
Tim Landscheidt [Wed, 6 Jun 2012 15:14:06 +0000 (17:14 +0200)]
Previously, crond exited in the signal handler for SIGINT and SIGTERM.
Thus, the Inotify close code in main() was never reached.  This commit
introduces a got_sigintterm variable that is set when SIGINT or SIGTERM
are received and leads to a clean exit of the main loop.

* src/cron.c: Rename quit() to sigintterm_handler().  Add got_sigintterm
variable and set it on SIGINT and SIGTERM.  Shorten sleep and exit main
loop on got_sigintterm.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
12 years ago9th bit is overwritten.
Tim Landscheidt [Wed, 6 Jun 2012 14:49:26 +0000 (16:49 +0200)]
9th bit is overwritten.

Hour bit fields have 24 bits (0..23, 3 bytes). bit_nclear() however in this case is called to clear bits 0..24! Thus, it overwrites the first bit of the following struct member (dom). This is not problematic for normal use as dom is set after hour as are all other fields.

The last field, dow, uses 8 bits so 9 are cleared. This could be the MIN_STAR bit of flags, but as flags is an int, there is probably a padding byte in between; at least I couldn't trigger it to be unset. So this could probably only cause problems on 8-bit systems.

https://fedorahosted.org/cronie/ticket/11
Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
12 years agoRemove unused variables.
Tim Landscheidt [Wed, 6 Jun 2012 14:03:49 +0000 (16:03 +0200)]
Remove unused variables.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
12 years agoFix use of "const char *" in call to putenv().
Tim Landscheidt [Wed, 6 Jun 2012 13:57:48 +0000 (15:57 +0200)]
Fix use of "const char *" in call to putenv().

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
12 years agoThe mail header for automatic reply will now contain another field:
Marcela Mašláňová [Thu, 12 Apr 2012 11:08:39 +0000 (13:08 +0200)]
The mail header for automatic reply will now contain another field:
"Precedence: bulk", which is not compulsory according to RFC3834.

Based on: Harald Reindl request in rhbz#811186

12 years agosetkeycreatecon is not needed. Users should inherited key context if it was already...
Sven Vermeulen [Thu, 12 Apr 2012 08:38:27 +0000 (10:38 +0200)]
setkeycreatecon is not needed. Users should inherited key context if it was already set for them.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
12 years agosystemd unit file was added into contrib
Marcela Mašláňová [Wed, 11 Apr 2012 12:48:26 +0000 (14:48 +0200)]
systemd unit file was added into contrib

This unit file is used in Fedora. The systemd-user-sessions.service guarantees
everything, what is needed for log in of users, is already running
(ypbind, sssd, ldap, ...).

12 years agoadjust documentation title to reference "crontab" instead of "anacrontab"
T.M. Abraham [Wed, 11 Apr 2012 12:15:42 +0000 (14:15 +0200)]
adjust documentation title to reference "crontab" instead of "anacrontab"

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
13 years agoAdjust the documentation to better describe the current situation with crontab and...
Tomas Mraz [Wed, 7 Dec 2011 12:19:57 +0000 (13:19 +0100)]
Adjust the documentation to better describe the current situation with crontab and anacrontab.

13 years agoAdd name of file, where can be set PAM configuration.
Marcela Mašláňová [Thu, 24 Nov 2011 14:41:51 +0000 (15:41 +0100)]
Add name of file, where can be set PAM configuration.

13 years agoService restart needlessly reports failure.
Petr Sabata [Mon, 24 Oct 2011 09:17:29 +0000 (11:17 +0200)]
Service restart needlessly reports failure.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
13 years agoRaw context should be used. Especially when mcstransd in older
Marcela Mašláňová [Thu, 6 Oct 2011 07:01:12 +0000 (09:01 +0200)]
Raw context should be used. Especially when mcstransd in older
releases is running.

13 years agoNo need to have full path in the ProgramName.
Tomas Mraz [Tue, 20 Sep 2011 14:11:14 +0000 (16:11 +0200)]
No need to have full path in the ProgramName.

13 years agoMerge branch 'master' of ssh://git.fedorahosted.org/git/cronie
Tomas Mraz [Wed, 29 Jun 2011 12:30:45 +0000 (14:30 +0200)]
Merge branch 'master' of ssh://git.fedorahosted.org/git/cronie

13 years agoFix wrong condition in cron_set_unwatched(). Do not disable inotify when crontabs...
Tomas Mraz [Wed, 29 Jun 2011 10:42:27 +0000 (12:42 +0200)]
Fix wrong condition in cron_set_unwatched(). Do not disable inotify when crontabs are missing.

13 years agoRevert "Cronie disables inotify support when the /etc/crontab file does not exist...
Tomas Mraz [Wed, 29 Jun 2011 09:06:24 +0000 (11:06 +0200)]
Revert "Cronie disables inotify support when the /etc/crontab file does not exist at startup."

This reverts commit acdf4ae8456888ed78201906ef528f4c28f54582 as it introduces
fd leaks.

13 years agoMinor release 1.4.8 cronie1.4.8
Marcela Mašláňová [Mon, 27 Jun 2011 14:02:44 +0000 (16:02 +0200)]
Minor release 1.4.8

13 years agoCron writes job output to syslog incorrectly. When cron is invoked in a way to print...
Marcela Mašláňová [Fri, 24 Jun 2011 10:10:11 +0000 (12:10 +0200)]
Cron writes job output to syslog incorrectly. When cron is invoked in a way to print job output to syslog, it does print only the first character of the output. Author: Vitezslav Cizek

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
13 years agoCheck orphaned crontabs for adoption.
Tomas Mraz [Tue, 21 Jun 2011 18:26:38 +0000 (20:26 +0200)]
Check orphaned crontabs for adoption.

13 years agoUnify logging in case of SyslogOutput with the rest of crond.
Tomas Mraz [Tue, 21 Jun 2011 10:00:28 +0000 (12:00 +0200)]
Unify logging in case of SyslogOutput with the rest of crond.

13 years agoChange of email adress of cluster support author.
Marcela Mašláňová [Thu, 26 May 2011 15:43:34 +0000 (17:43 +0200)]
Change of email adress of cluster support author.

13 years agoThe charset of anacron's mail is always ANSI_X3.4-1968. There are no setlocale is...
Kiyoshi OHGISHI [Mon, 16 May 2011 13:56:43 +0000 (15:56 +0200)]
The charset of anacron's mail is always ANSI_X3.4-1968. There are no setlocale is anacron's source.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
13 years agoCronie disables inotify support when the /etc/crontab file does not exist at startup.
Marcela Mašláňová [Thu, 28 Apr 2011 08:32:17 +0000 (10:32 +0200)]
Cronie disables inotify support when the /etc/crontab file does not exist at startup.

Existence of crontab and directories wasn't controlled before creating
inotify watches.

13 years agoClean configure. cronie1.4.7
Marcela Mašláňová [Tue, 15 Mar 2011 14:19:12 +0000 (15:19 +0100)]
Clean configure.

13 years agoNew release 1.4.7.
Marcela Mašláňová [Tue, 15 Mar 2011 12:13:34 +0000 (13:13 +0100)]
New release 1.4.7.

13 years agoSplit relro and pie into two options.
Marcela Mašláňová [Tue, 15 Mar 2011 12:04:10 +0000 (13:04 +0100)]
Split relro and pie into two options.

13 years agoAdd missing va_end() call.
Tomas Mraz [Fri, 11 Mar 2011 17:34:38 +0000 (18:34 +0100)]
Add missing va_end() call.

13 years agoRemove unused variable.
Tomas Mraz [Fri, 11 Mar 2011 17:32:27 +0000 (18:32 +0100)]
Remove unused variable.

13 years agoFix incorrect pointer in sizeof.
Tomas Mraz [Fri, 11 Mar 2011 17:30:06 +0000 (18:30 +0100)]
Fix incorrect pointer in sizeof.

13 years agoFixed leaking of env and members of entry in replace_cmd().
Tomas Mraz [Fri, 11 Mar 2011 17:25:47 +0000 (18:25 +0100)]
Fixed leaking of env and members of entry in replace_cmd().

13 years agoFix memory leaks in load_user.
Tomas Mraz [Fri, 11 Mar 2011 17:08:45 +0000 (18:08 +0100)]
Fix memory leaks in load_user.

13 years agoThe last bit to set is always LAST_ - FIRST_.
Tomas Mraz [Fri, 11 Mar 2011 16:42:56 +0000 (17:42 +0100)]
The last bit to set is always LAST_ - FIRST_.

13 years agoCheck malloc return for NULL.
Tomas Mraz [Fri, 11 Mar 2011 16:02:25 +0000 (17:02 +0100)]
Check malloc return for NULL.

13 years agoDo not try to compile dead code.
Tomas Mraz [Fri, 11 Mar 2011 15:55:33 +0000 (16:55 +0100)]
Do not try to compile dead code.

13 years agoRename set_cron_cwd() to check_spool_dir() as we do not do any chdir
Tomas Mraz [Fri, 11 Mar 2011 13:06:26 +0000 (14:06 +0100)]
Rename set_cron_cwd() to check_spool_dir() as we do not do any chdir
anymore.

13 years agoAdd missing check for stat() return value.
Tomas Mraz [Fri, 11 Mar 2011 13:02:35 +0000 (14:02 +0100)]
Add missing check for stat() return value.

13 years agoSafeguard for system time changes. Otherwise anacron might wait with the job
Tomas Mraz [Wed, 9 Mar 2011 07:37:38 +0000 (08:37 +0100)]
Safeguard for system time changes. Otherwise anacron might wait with the job
running for a too long time.

13 years agoFix the non-default timezone support. Do not run jobs multiple times
Tomas Mraz [Tue, 8 Mar 2011 14:22:37 +0000 (15:22 +0100)]
Fix the non-default timezone support. Do not run jobs multiple times
on DST change.

13 years agoSet mailfrom to the user account, better PAM logging.
Tomas Mraz [Mon, 7 Mar 2011 14:01:26 +0000 (15:01 +0100)]
Set mailfrom to the user account, better PAM logging.

13 years agoSet only groups in the process handling PAM calls. Keep uids at 0
Tomas Mraz [Mon, 7 Mar 2011 13:27:46 +0000 (14:27 +0100)]
Set only groups in the process handling PAM calls. Keep uids at 0
so the process is not killable by the user.

13 years agoWhitespace cleanups.
Tomas Mraz [Wed, 2 Mar 2011 19:37:39 +0000 (20:37 +0100)]
Whitespace cleanups.

13 years agoFix SIGPIPE handling in do_command() and popen.
Tomas Mraz [Wed, 2 Mar 2011 19:34:08 +0000 (20:34 +0100)]
Fix SIGPIPE handling in do_command() and popen.
Ensure that PAM session is always closed.

13 years agoComment not freeing mailfrom - found during code review.
Marcela Mašláňová [Mon, 21 Feb 2011 12:33:08 +0000 (13:33 +0100)]
Comment not freeing mailfrom - found during code review.

13 years agoFree security contexts.
Marcela Mašláňová [Mon, 21 Feb 2011 12:29:17 +0000 (13:29 +0100)]
Free security contexts.

13 years agomkstemp needs only 6 X's
Marcela Mašláňová [Fri, 18 Feb 2011 14:20:47 +0000 (15:20 +0100)]
mkstemp needs only 6 X's

13 years agofdin could be tested before initialization.
Marcela Mašláňová [Mon, 21 Feb 2011 12:23:35 +0000 (13:23 +0100)]
fdin could be tested before initialization.

13 years agoPIE and RELRO flags to be set
Marcela Mašláňová [Thu, 17 Feb 2011 14:08:58 +0000 (15:08 +0100)]
PIE and RELRO flags to be set

We want all long running daemons to have PIE and RELRO flags set. This is a
missing security mechanism. Fixing this generally involves adding -fPIE -DPIE
to the CFLAGS, and -pie -Wl,-z,relro -Wl,-z,now  to the LDFLAGS.
Expected results:
PIE and partial RELRO at a minimum.

14 years agoAdd translation for remaining hardcoded contexts and av bits.
Tomas Mraz [Thu, 16 Dec 2010 16:20:12 +0000 (17:20 +0100)]
Add translation for remaining hardcoded contexts and av bits.

14 years agoRevert "Cache the security class and bit values and translate the remaining hardcoded...
Tomas Mraz [Thu, 16 Dec 2010 16:06:28 +0000 (17:06 +0100)]
Revert "Cache the security class and bit values and translate the remaining hardcoded values."
Caching cannot be done as the values can change on SELinux policy update.

This reverts commit b15f72976965d2ae1a1273558bf45be7de077b79.

14 years agoRevert "Missing exit if cron_init_security() fails."
Tomas Mraz [Thu, 16 Dec 2010 16:05:37 +0000 (17:05 +0100)]
Revert "Missing exit if cron_init_security() fails."
Caching cannot be done as the values can change on SELinux policy update.

This reverts commit ac70de36ec6c403c28291689701bd2567c565107.

14 years agoMissing exit if cron_init_security() fails.
Tomas Mraz [Thu, 16 Dec 2010 10:45:17 +0000 (11:45 +0100)]
Missing exit if cron_init_security() fails.

14 years agoCache the security class and bit values and translate the remaining hardcoded values.
Tomas Mraz [Wed, 15 Dec 2010 21:51:38 +0000 (22:51 +0100)]
Cache the security class and bit values and translate the remaining hardcoded values.

14 years agoClean up unnecessary assignment.
Tomas Mraz [Wed, 15 Dec 2010 15:16:04 +0000 (16:16 +0100)]
Clean up unnecessary assignment.

14 years agoThis patch causes cronie to ask kernel for constant definition
Dan Walsh [Wed, 15 Dec 2010 13:31:46 +0000 (14:31 +0100)]
This patch causes cronie to ask kernel for constant definition
rather then using hard coded

Also add info to syslog message to help diagnose problems.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years agoDo not lock jobs that fall out of allowed range - rhbz#661966
Tomas Mraz [Fri, 10 Dec 2010 17:12:36 +0000 (18:12 +0100)]
Do not lock jobs that fall out of allowed range - rhbz#661966

14 years agoMan - another typo
Marcela Mašláňová [Tue, 26 Oct 2010 09:54:18 +0000 (11:54 +0200)]
Man - another typo

14 years agoRe-add missing option into man and fix some typos.
Marcela Mašláňová [Tue, 26 Oct 2010 08:19:33 +0000 (10:19 +0200)]
Re-add missing option into man and fix some typos.

Thanks to Colin Dean.

14 years agoNew release 1.4.6 cronie1.4.6
Marcela Mašláňová [Fri, 22 Oct 2010 07:52:53 +0000 (09:52 +0200)]
New release 1.4.6

14 years agoRewrite of man pages & correction.
Martin Prpič [Thu, 21 Oct 2010 15:36:18 +0000 (17:36 +0200)]
Rewrite of man pages & correction.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years agoRemove useless man page.
Marcela Mašláňová [Thu, 21 Oct 2010 15:29:12 +0000 (17:29 +0200)]
Remove useless man page.

Thanks to Colin Dean.

14 years agoApply previous patch correctly.
Marcela Mašláňová [Thu, 21 Oct 2010 06:19:22 +0000 (08:19 +0200)]
Apply previous patch correctly.

14 years agoCheck clustering before un/watch function
Colin Dean [Wed, 20 Oct 2010 14:20:36 +0000 (16:20 +0200)]
Check clustering before un/watch function

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years agoMerge branch 'cluster'
Marcela Mašláňová [Wed, 13 Oct 2010 10:47:27 +0000 (12:47 +0200)]
Merge branch 'cluster'

14 years agoCheck clustering before un/watch function
Marcela Mašláňová [Fri, 8 Oct 2010 10:17:15 +0000 (12:17 +0200)]
Check clustering before un/watch function

14 years agoman page typo: change to correct option
Marcela Mašláňová [Thu, 7 Oct 2010 15:10:50 +0000 (17:10 +0200)]
man page typo: change to correct option

14 years agoRemove cluster support from inotify_database
Marcela Mašláňová [Wed, 6 Oct 2010 11:46:14 +0000 (13:46 +0200)]
Remove cluster support from inotify_database

check_inotify_database is called only when inotify is on, which
is not with cluster support.

14 years agoThe crontab command uses "-c" and "-n" instead of "-h".
Colin Dean [Wed, 6 Oct 2010 09:38:37 +0000 (11:38 +0200)]
The crontab command uses "-c" and "-n" instead of "-h".

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years agoCorrect ifdef HAVE_FCHOWN
Marcela Mašláňová [Mon, 4 Oct 2010 17:05:20 +0000 (19:05 +0200)]
Correct ifdef HAVE_FCHOWN

Based on https://fedorahosted.org/cronie/ticket/7
Thanks to crrodriguez

14 years agois_local set to zero
Marcela Mašláňová [Mon, 4 Oct 2010 16:41:38 +0000 (18:41 +0200)]
is_local set to zero

14 years agocronie on cluster
Colin Dean [Mon, 4 Oct 2010 14:29:12 +0000 (16:29 +0200)]
cronie on cluster

On issue we have is that although we've made our services very
resilient, by employing HA failover, load balancing and round robin DNS,
the one service that's difficult to do anything with is cron, because it
has traditionally been tied to a single machine.

For instance, we have a cluster of 4 Fedora servers which our end users
use as timeshare systems, using round robin DNS, and if one of the
servers is down it doesn't really matter too much. We don't even backup
the servers, relying on NFS home directories and rebuilding from scratch
using kickstart + cfengine if a server fails and can't be restarted.

However, the users have scattered crontab files around the 4 servers, so
that if the particular server a cron job is meant to run on dies, the
job doesn't run any more, and the crontab file may be permanently lost.

What we needed was a facility to allow crontabs in /var/spool/cron on
these 4 servers be NFS mounted from a single directory on our NetApp
filers (so giving us backups and snapshots), with any user able to run
"crontab -e" from any of the servers to manage a single shared crontab,
and for us in the IT Service to be able to set just one of the 4 servers
to run user crontab jobs at any time. However, we needed to keep
/etc/crontab and the files in /etc/cron.d/ specific to each individual
server still, and keep crond running on all 4 servers.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years agoTypo in log message
Marcela Mašláňová [Mon, 30 Aug 2010 08:12:09 +0000 (10:12 +0200)]
Typo in log message

Based on Tom London report https://bugzilla.redhat.com/show_bug.cgi?id=626947

14 years agoClose leaking file descriptor
Marcela Mašláňová [Mon, 23 Aug 2010 13:32:13 +0000 (15:32 +0200)]
Close leaking file descriptor

anacron was leaking fd, which caused denial of jobs by selinux.

14 years agoNew minor release 1.4.5. cronie1.4.5
Marcela Mašláňová [Mon, 2 Aug 2010 13:27:00 +0000 (15:27 +0200)]
New minor release 1.4.5.

14 years agoOK value printed twice
Marcela Mašláňová [Mon, 2 Aug 2010 12:59:38 +0000 (14:59 +0200)]
OK value printed twice

Fix based on 615107. There were too many OK's messages.

14 years agoHelp and usage fix
Marcela Mašláňová [Wed, 21 Jul 2010 11:52:51 +0000 (13:52 +0200)]
Help and usage fix

Option -h was added. Also details about options were added into usage.

14 years agoman crond -i
Marcela Mašláňová [Wed, 21 Jul 2010 10:31:16 +0000 (12:31 +0200)]
man crond -i

Document missing option.

14 years agoSyslog output will be used instead of mail
Marcela Mašláňová [Mon, 12 Jul 2010 13:58:04 +0000 (15:58 +0200)]
Syslog output will be used instead of mail

If sendmail isn't installed, syslog is used. This patch should
also solve problem with RPM requirements of sendmail
(and which mail should be installed by default).

Based on: https://bugzilla.redhat.com/show_bug.cgi?id=472710#c42

14 years agoRemove the whole unused part.
Marcela Mašláňová [Wed, 14 Apr 2010 14:08:13 +0000 (16:08 +0200)]
Remove the whole unused part.

14 years agoRemove 'dont log' part which probably never worked.
Marcela Mašláňová [Wed, 14 Apr 2010 13:44:48 +0000 (15:44 +0200)]
Remove 'dont log' part which probably never worked.

14 years agoBeautify error outputs.
Marcela Mašláňová [Wed, 14 Apr 2010 13:12:18 +0000 (15:12 +0200)]
Beautify error outputs.

14 years agoOption "-" don't log jobs as root
Michal Seben [Wed, 14 Apr 2010 12:01:42 +0000 (14:01 +0200)]
Option "-" don't log jobs as root

If the uid of the owner is 0 (root), he can put a "-" as first
character of a crontab entry. This will prevent cron from writing
a syslog message about this command getting executed.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years agoCorrectly reported PAM errors
Michal Seben [Wed, 14 Apr 2010 11:26:48 +0000 (13:26 +0200)]
Correctly reported PAM errors

cron_conv could be helpfull for debug purposes, when something bad happens
with pam e.g. : expired user password - without cron_conv cronie doesn't
report usefull info in syslog messages  (it just write no conversation
function error to messages file),if you want to do quick test of pam
conversation function, you  could set PASS_MAX_DAYS and PASS_WARN_AGE in
etc/login.defs , add new user and for this user create cron rule (crontab -e)

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years ago0anacron should check only readability.
Andrew Man-Hon Lau [Thu, 25 Mar 2010 06:50:19 +0000 (07:50 +0100)]
0anacron should check only readability.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years agoRevert previous change. The code which control the input entry
Marcela Mašláňová [Tue, 23 Mar 2010 15:33:12 +0000 (16:33 +0100)]
Revert previous change. The code which control the input entry
should be sufficient. Only "/" are removed from scripts.

14 years agoIn system tables was hardcoded home directory to "/". This was changed
Marcela Mašláňová [Mon, 22 Mar 2010 09:58:01 +0000 (10:58 +0100)]
In system tables was hardcoded home directory to "/". This was changed
to switching to "/" only when home for user isn't defined.

Based on rhbz#575419

14 years agoDefinition of system crontables.
Marcela Mašláňová [Tue, 23 Feb 2010 08:34:58 +0000 (09:34 +0100)]
Definition of system crontables.

14 years agoNew release cronie1.4.4
Marcela Mašláňová [Thu, 18 Feb 2010 08:29:28 +0000 (09:29 +0100)]
New release

14 years agoCVE-2010-0424 -- crontab -e crontab file timestamp race condition
Marcela Mašláňová [Wed, 17 Feb 2010 10:51:45 +0000 (11:51 +0100)]
CVE-2010-0424 -- crontab -e crontab file timestamp race condition

When run as "crontab -e", crontab creates a temporary file in /tmp, copies the
contents of an existing crontab to this file, and then calls utime() on the
temporary file name to set its mtime and atime to 0, in order to check after
editing whether or not the file has been modified.
Since the file is created with the user's euid, and because utime is called on
the file as root, an attacker can replace the temporary file after it is
created with a symlink to any file or folder on disk, which will then have its
atime and mtime set to 0. This is certainly not a critical issue, but this
action can be used to deny service in many scenarios. For example, the cron
daemon checks the mtime of the crontab spool folder and its contents to
determine whether or not it needs to update its database of cronjobs, and if
these times are reset to 0, no new cronjobs will be added. Other daemons
relying on accurate timestamps may be similarly affected. Finally, build tools
such as make could be tricked into not re-compiling source, based on an old
timestamp.
Thanks to: Dan Rosenberg

14 years agoDynamic shared libraries -laudit
Marcela Mašláňová [Tue, 16 Feb 2010 07:28:01 +0000 (08:28 +0100)]
Dynamic shared libraries -laudit

There is need to add -laudit into gcc options because now it's not
found automatically. Based on:
http://fedoraproject.org/wiki/Features/ChangeInImplicitDSOLinking

14 years agoMake man page more readable based on #564206.
Marcela Mašláňová [Fri, 12 Feb 2010 09:43:19 +0000 (10:43 +0100)]
Make man page more readable based on #564206.

14 years agoCRON_VALIDATE_MAILRCPTS was removed, because it was not used anyway.
Marcela Mašláňová [Mon, 25 Jan 2010 08:20:06 +0000 (09:20 +0100)]
CRON_VALIDATE_MAILRCPTS was removed, because it was not used anyway.

14 years agoWith NFS homes can't be job executed, because root can't access
Marcela Mašláňová [Wed, 13 Jan 2010 12:54:43 +0000 (13:54 +0100)]
With NFS homes can't be job executed, because root can't access
this directory.

14 years agoDisable mailing output.
Will Woods [Tue, 5 Jan 2010 15:44:18 +0000 (16:44 +0100)]
Disable mailing output.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
14 years agoOutput could be redirectered to syslog.
Will Woods [Tue, 5 Jan 2010 15:43:49 +0000 (16:43 +0100)]
Output could be redirectered to syslog.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>
15 years agoCron doesn't use environment values from /etc/security/pam_env.conf.
Marcela Mašláňová [Mon, 21 Dec 2009 12:58:08 +0000 (13:58 +0100)]
Cron doesn't use environment values from /etc/security/pam_env.conf.
This was fixed by moving pam_setcred into first part of authentication
of pam.

15 years agoInitscript: if unprivileged user stop deamon, it should return 4.
Marcela Mašláňová [Fri, 27 Nov 2009 09:10:38 +0000 (10:10 +0100)]
Initscript: if unprivileged user stop deamon, it should return 4.

15 years agoInitscript: if unprivileged user restart deamon, it should return 4.
Marcela Mašláňová [Fri, 27 Nov 2009 08:58:15 +0000 (09:58 +0100)]
Initscript: if unprivileged user restart deamon, it should return 4.

15 years agoThis function will be probably removed from libselinux, so it is added into source...
Guido Trentalancia [Thu, 5 Nov 2009 15:47:56 +0000 (16:47 +0100)]
This function will be probably removed from libselinux, so it is added into source code here.

Signed-off-by: Marcela Mašláňová <mmaslano@redhat.com>