review(5): §4 cron T0 MISS — busybox crond non-functional as non-root (A5-7 OPEN)
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
Cold-verified at 23:11Z: T0 (23:04Z) was missed; no upgrader-cron.log created. busybox crond with -c dir requires root for setuid; silently skips all jobs as non-root 'loops' user. Confirmed by both T0 miss and a * * * * * control probe (waited through 23:09+23:10, nothing fired). V9 PASS stands. Gate M5 remains open pending a working cron mechanism + re-fire. A5-7 filed in BACKLOG-5. BUILDER-INBOX sent.
This commit is contained in:
autonomic-bot
@ -26,6 +26,56 @@ Single-writer: `## Build backlog` = Builder-only; `## Adversary findings` = Adve
|
||||
|
||||
## Adversary findings
|
||||
|
||||
### [adversary] A5-7 — §4 cron: busybox crond does NOT execute jobs as non-root user
|
||||
**Status:** OPEN — found 2026-06-01T23:11Z
|
||||
|
||||
The §4 weekly cron was installed using busybox crond in a tmux session, invoked with:
|
||||
```
|
||||
crond -f -d 5 -c /home/loops/.cc-ci-crontabs -L /srv/cc-ci/.cc-ci-logs/crond.log
|
||||
```
|
||||
The crontab file `/home/loops/.cc-ci-crontabs/loops` contains the correct schedule (`4 23 * * 1`).
|
||||
|
||||
**Finding: crond never executes any job.**
|
||||
|
||||
Cold-verified T0 miss at 23:04Z (2 minutes after T0):
|
||||
- `/srv/cc-ci/.cc-ci-logs/upgrader-cron.log` does NOT exist.
|
||||
- crond.log shows only 3 startup lines; last modified 22:08:44 UTC — no entries after startup.
|
||||
- No cc-ci-upgrader session started at 23:04Z (`python3 launch-upgrader.py status` → stopped).
|
||||
|
||||
Cold-verified with `* * * * *` test entry (every-minute control):
|
||||
- Added `* * * * * date -u >> /tmp/cc-ci-crond-test.log 2>&1` to the crontab.
|
||||
- Waited through 23:09 and 23:10 UTC — no `/tmp/cc-ci-crond-test.log` created.
|
||||
- Confirmed: busybox crond is completely ignoring ALL cron entries.
|
||||
|
||||
**Root cause:** busybox crond's `-c dir` mode is designed to run as root. It reads each file in
|
||||
the directory as a per-user crontab (filename = username). Before executing a job, it calls
|
||||
`setgid(pw->pw_gid)` + `setuid(pw->pw_uid)`. Running as non-root user `loops`, `setgid/setuid`
|
||||
fail with EPERM, so crond silently skips all jobs.
|
||||
|
||||
**Impact:** The §4 weekly cron is completely non-functional. T0 (23:04 UTC) was missed.
|
||||
The plan's §4 requirement ("verify the cron-equivalent path end-to-end; confirm real first fire
|
||||
at T0") is NOT met.
|
||||
|
||||
**Required fix:** Replace busybox crond with a mechanism that works as a non-root user. Options
|
||||
per plan §4:
|
||||
1. **Claude scheduled task** (`/schedule` skill → `CronCreate` harness tool): built-in, no root
|
||||
needed, tested mechanism.
|
||||
2. **systemd user timer** (`systemctl --user enable/start cc-ci-upgrader.timer`): requires writing
|
||||
a user service unit file to `~/.config/systemd/user/`.
|
||||
3. **`at` one-off for T0**: doesn't provide recurring weekly schedule.
|
||||
|
||||
**Cold repro:**
|
||||
1. `ssh loops@<orch> 'cat /srv/cc-ci/.cc-ci-logs/upgrader-cron.log 2>/dev/null || echo "(no log)"'`
|
||||
→ "(no log)"
|
||||
2. `ssh loops@<orch> 'stat /srv/cc-ci/.cc-ci-logs/crond.log | grep Modify'`
|
||||
→ Modify: 2026-06-01 22:08:44 (no update after crond start)
|
||||
3. `ssh loops@<orch> 'python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py status'`
|
||||
→ "stopped"
|
||||
|
||||
(Only Adversary closes this after re-test with a working T0 fire.)
|
||||
|
||||
---
|
||||
|
||||
### [adversary] A5-5 — V5: explanatory comment references wrong build/failures; no RESULT: SUCCESS-PENDING-TESTS
|
||||
**Status:** CLOSED — re-tested 2026-06-01T21:49Z; see `REVIEW-5.md` follow-up entry.
|
||||
ORIGINALLY OPEN — found 2026-06-01T21:38Z
|
||||
|
||||
30
machine-docs/BUILDER-INBOX.md
Normal file
30
machine-docs/BUILDER-INBOX.md
Normal file
@ -0,0 +1,30 @@
|
||||
# Adversary → Builder: §4 cron T0 MISSED — mechanism broken (A5-7)
|
||||
|
||||
**2026-06-01T23:11Z**
|
||||
|
||||
The busybox crond mechanism for the §4 weekly cron does NOT work. T0 (23:04Z today, Monday Jun 1)
|
||||
was missed. No `upgrader-cron.log` was created. The cc-ci-upgrader was NOT started.
|
||||
|
||||
**Root cause (cold-verified):**
|
||||
- busybox crond with `-c dir` needs root to `setgid/setuid` before executing jobs.
|
||||
- Running as non-root user `loops`, ALL jobs are silently skipped — confirmed by:
|
||||
- T0 miss at 23:04Z (checked 23:06Z, 23:11Z)
|
||||
- `* * * * *` control probe: waited through 23:09+23:10, nothing fired
|
||||
- crond.log never updated past 22:08 startup
|
||||
|
||||
**Gate status:** M5 gate remains OPEN. V9 PASS is not affected; only §4 cron first-fire fails.
|
||||
|
||||
**Required fix (per plan §4):** Replace with a mechanism that works as non-root. Plan says "user
|
||||
crontab / systemd timer / Claude scheduled task are all acceptable."
|
||||
|
||||
**Recommended:** Use the harness's CronCreate tool (the `/schedule` skill). This is already tested,
|
||||
works as user loops, and is exactly the "Claude scheduled task" option the plan allows. Schedule
|
||||
`launch-upgrader.py start` on the same weekly slot.
|
||||
|
||||
Alternatively: `systemctl --user enable cc-ci-upgrader.timer` with a user unit file.
|
||||
|
||||
Once the mechanism is fixed, install it, fire it (use `--dry-run` for cheap pre-check), and
|
||||
confirm `/srv/cc-ci/.cc-ci-logs/upgrader-cron.log` is created and `launch-upgrader.py status`
|
||||
shows RUNNING. Then update STATUS-5.md with the new gate claim so I can re-verify.
|
||||
|
||||
— Adversary, @2026-06-01T23:11Z
|
||||
@ -685,3 +685,29 @@ review). The RESULT artifacts are preserved on disk.
|
||||
**V8a: PASS (with noted gap)** — core functionality (automated lifecycle, run-to-completion,
|
||||
log artifacts) all confirmed. The session self-termination is a known behavior gap, not a blocking
|
||||
defect for V8a's primary purpose (weekly cron automation).
|
||||
|
||||
---
|
||||
|
||||
## §4 cron T0 fire: FAIL — 2026-06-01T23:11Z
|
||||
|
||||
Finding: A5-7. The §4 weekly cron mechanism (busybox crond in tmux session `cc-ci-crond`) does NOT
|
||||
execute jobs. T0 (23:04Z) was missed and no job ever fires.
|
||||
|
||||
**Cold-verified evidence:**
|
||||
- T0=23:04Z; checked at 23:06Z and 23:11Z: no `/srv/cc-ci/.cc-ci-logs/upgrader-cron.log` exists.
|
||||
- `crond.log` (153 bytes) last modified 22:08:44 UTC — only startup messages, no job-execution entries.
|
||||
- `python3 launch-upgrader.py status` at 23:07Z → "stopped" (no session started by cron at 23:04Z).
|
||||
- Control probe: added `* * * * *` test entry, waited through 23:09 and 23:10 UTC — no fire.
|
||||
|
||||
**Root cause confirmed:** busybox crond with `-c dir` requires root to call `setgid/setuid` before
|
||||
executing jobs. Running as non-root user `loops`, all jobs are silently skipped.
|
||||
|
||||
**Gate status:** The §4 cron install requires "verify the cron-equivalent path end-to-end; confirm
|
||||
real first fire at T0." T0 missed. The plan says "if it did NOT fire (PATH, login, mechanism), fix
|
||||
and re-verify." The mechanism is wrong; a fix is required.
|
||||
|
||||
**§4 cron: FAIL** @2026-06-01T23:11Z — busybox crond non-functional; T0 missed. Filed as A5-7.
|
||||
The gate claim (M5 CLAIMED) remains OPEN pending a working re-installation and T0 equivalent fire.
|
||||
|
||||
Note on V9: V9 (cleanup) PASS is NOT affected by this finding — the cleanup evidence was separately
|
||||
cold-verified at 22:13Z and holds. Only the §4 cron first-fire is broken.
|
||||
|
||||
Reference in New Issue
Block a user