[arch-dev-public] Use systemd timers instead of /etc/cron.{hourly, daily, weekly, monthly}?

[Daniel Micay]

On 27/03/14 11:26 PM, Gaetan Bisson wrote:
>
>> My point was only that the security risk is not theoretical.
> 
> Of course it isn't: we all know every piece of software has bugs, which
> is a potential security issue when run as root. Now the above cronie
> bugs were fixed long ago. Do you have any evidence suggesting systemd
> should be less bug-prone than cronie?

Arch Linux is going to be shipping systemd in base, whether or not
cronie is included. Including more setuid binaries increases the attack
surface. I do think it can be assumed that including cronie (with the
crontab setuid binary) and systemd will be more prone to exploitation
than systemd alone.

The importance of this is open to debate, but I think it's worth
consideration, especially since cronie is not enabled by default.
Perfect security is an unobtainable goal but we can do what we can to
harden the base install.

It means cron users will need to issue another pacman command, similar
to how Arch leaving ptrace_scope enabled by default requires users of
commands like `strace -p $PID`, `perf trace -p $PID`, `gdb -p $PID` or
`reptyr $PID` to either turn it off or work around it. They're very
minor inconveniences for a subset of Arch users and the security benefit
is real, even if it's small.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20140328/dc4e4b81/attachment.asc>