28 Mar
2014
28 Mar
'14
2:01 a.m.
[2014-03-27 21:01:17 -0400] Daniel Micay:
setuid binary (crontab) so it opens up a vulnerability in the base install.
Among others (although one requires cron to be enabled):
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0424 * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6097
There were bugs that have been fixed a while ago; what's your point? I support switching to systemd timers in order to streamline our base install, as well as regroup daemons and periodic commands configuration in just one place. But I do not believe that replacing a small setuid binary by a larger one addresses any potential security issue. -- Gaetan