[arch-dev-public] Use systemd timers instead of /etc/cron.{hourly, daily, weekly, monthly}?

Gaetan Bisson bisson at archlinux.org
Thu Mar 27 22:01:22 EDT 2014

[2014-03-27 21:01:17 -0400] Daniel Micay:
> setuid binary (crontab) so it opens up a vulnerability in the base install.
> Among others (although one requires cron to be enabled):
> * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0424
> * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6097

There were bugs that have been fixed a while ago; what's your point?

I support switching to systemd timers in order to streamline our base
install, as well as regroup daemons and periodic commands configuration
in just one place. But I do not believe that replacing a small setuid
binary by a larger one addresses any potential security issue.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20140327/e7e36ec5/attachment.asc>

More information about the arch-dev-public mailing list