Ubuntu
bastille package

bastille sets incorrect permissions on cron.allow

Bug #55741 reported by Sergei Genchev
4
Affects Status Importance Assigned to Milestone
bastille (Ubuntu)
Expired
Medium
Unassigned

Bug Description

Binary package hint: bastille

 When you run bastille on Dapper and answer "Yes" (default) to "Would you like to restrict the use of cron to administrative accounts? ", Bastille creates /etc/cron.allow file with wrong permissions - it is owned by root:root mode 600. crontab executable in Dapper is set gid crontab and cannot read this file which makes it behave as if this file was not there at all.
  I am not sure if this should be marked as a security bug or not - does not seem like a huge deal, yet bastille is supposedly "security made easy" thing and should really do what it promises..

Revision history for this message
Lionel Le Folgoc (mrpouit) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering is this still an issue for you? Thanks in advance.

Changed in bastille:
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Sergei Genchev (sgenchev) wrote :

 This bug is still there. Bastille did not get updated since. I still have to manually `chown root:crontab /etc/cron/allow; chmod 640 /etc/cron.allow`

Lionel Le Folgoc (mrpouit)
Changed in bastille:
importance: Low → Medium
status: Incomplete → Triaged
Revision history for this message
Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 8.10 alpha?

Changed in bastille:
status: Triaged → Incomplete
Revision history for this message
Sergei Genchev (sgenchev) wrote : Re: [Bug 55741] Re: bastille sets incorrect permissions on cron.allow

 It is still present in 8.04. I do not have 8.10 to test with but
change log for Bastille shows nothing regarding this bug. Unless cron
package have changed it's setuid/setgid settings - and the last
UID/GID change I see is made on 14 Sep 2003 - I fully expect it to
continue not working.. I will test it on 8.10 someday..

On Sat, Sep 13, 2008 at 10:55 PM, Daniel T Chen <email address hidden> wrote:
> Is this symptom still reproducible in 8.10 alpha?
>
> ** Changed in: bastille (Ubuntu)
> Status: Triaged => Incomplete
>
> --
> bastille sets incorrect permissions on cron.allow
> https://bugs.launchpad.net/bugs/55741
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Revision history for this message
Dimitrios Symeonidis (azimout) wrote :

setting back to new

Changed in bastille:
status: Incomplete → New
Revision history for this message
rusivi2 (rusivi2-deactivatedaccount) wrote :

Thank you for posting this bug.

Does this occur in Lucid?

Changed in bastille (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for bastille (Ubuntu) because there has been no activity for 60 days.]

Changed in bastille (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.