Crontab Security

All UNIX flavors have a command scheduler called cron. Each user can schedule repetitive tasks at regular intervals, for example file cleanup, backups, data synchronization or web site checks. User-space commands are provided for this purpose: crontab to easily schedule your tasks and at to schedule a one-shot command. A daemon (crond) runs as root and executes the scheduled commands with the owner's privileges. Simple and powerful.

However, an unsecured cron entry can disclose sensitive information to all users logged on to the system. How?

When an execution time is reached, crond spawns a new process (a shell) and executes the scheduled command with the user's privileges. By default, the new shell and its sub-processes are visible to all users through the ps command:

$ ps axwwwo "login,command" | more

The command above lists all processes started on the system with the associated user name. What happens if a user schedules the following cron entry:

# A crontab entry must fit on one line; */5 in the minute field means every five minutes
*/5 * * * * wget -O /tmp/web.tmp --user=foo --password=SeCuRePwD http://www.site.com/

Every five minutes, the wget command connects to www.site.com using the given credentials (foo/SeCuRePwD) and saves the result in the temporary file /tmp/web.tmp. Quite simple! But if another user runs the ps command while the command is executing, the password is displayed in clear text! How can you avoid this problem? There are several ways to hide your credentials. Here are a few ideas:

  • Check if your application uses the setproctitle system call. The developer can define what will or won't be displayed in the process title. Example: replace the password with "xxxxxx".
  • Store your password in a safe file in your home directory and schedule commands like:
    */5 * * * * wget -O /tmp/web.tmp --user=foo --password=`cat $HOME/pw.txt` http://www.site.com/

    (Note that some applications can read credentials from a file.)

  • More difficult, but much more powerful for increasing the local security of your host: restrict the ps output to each user's own processes only! This can be achieved via grsecurity or SELinux (on Linux systems).
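
An added example (not from the original post): a small auditor for user crontabs that flags credentials passed as command-line arguments, the exposure described above, and goes one step further by also flagging credentials embedded in a URL. The shell expands a backtick or $(...) substitution before it executes wget, so a substituted password still ends up in wget's argument list and is flagged as well. The option-name list, the sample crontab and the fetch-site.sh wrapper are assumptions constructed for the example.

```python
import re
import shlex

# Assumed option names that carry a secret; extend for the tools you run.
SECRET_OPT = re.compile(r"^--?(password|passwd|pass|token|secret)(=|$)", re.I)
URL_CRED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)
SUBST = re.compile(r"`|\$\(")  # command substitution is expanded before exec

# Constructed sample user crontab (no user field, unlike /etc/crontab).
SAMPLE = """\
# constructed sample
MAILTO=admin
*/5 * * * * wget -O /tmp/web.tmp --user=foo --password=SeCuRePwD http://www.site.com/
*/5 * * * * wget -O /tmp/web.tmp --user=foo --password=`cat $HOME/pw.txt` http://www.site.com/
@daily wget -O /tmp/web.tmp http://foo:SeCuRePwD@www.site.com/
0 3 * * * $HOME/bin/fetch-site.sh
"""

def command_of(line):
    """Return the command of a crontab line, or None for blanks, comments, VAR=value."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"[A-Za-z_]\w*\s*=", line):
        return None
    nfields = 1 if line.startswith("@") else 5  # @daily etc. replace the 5 time fields
    parts = line.split(None, nfields)
    return parts[nfields] if len(parts) > nfields else None

def audit(crontab_text):
    """Return (line number, finding, option) tuples; secret values are never echoed."""
    findings = []
    for lineno, line in enumerate(crontab_text.splitlines(), 1):
        cmd = command_of(line)
        if cmd is None:
            continue
        try:
            words = shlex.split(cmd)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            words = cmd.split()
        for i, word in enumerate(words):
            m = SECRET_OPT.match(word)
            if m:
                value = word[m.end():] if m.group(2) else " ".join(words[i + 1:i + 2])
                kind = "substituted" if SUBST.search(value) else "literal"
                findings.append((lineno, kind + "-secret-in-argv", m.group(1).lower()))
            elif URL_CRED.match(word):
                findings.append((lineno, "credentials-in-url", ""))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Feed it the output of crontab -l; findings report the line number and option name only, never the secret value.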
