Re: [PATCH 0/5] Make vixie cron mode actually work, and work safely

From: Dale Mellor
Subject: Re: [PATCH 0/5] Make vixie cron mode actually work, and work safely
Date: Tue, 21 Mar 2023 11:54:26 +0000

On Thu, 2023-02-02 at 19:29 +0000, ulfvonbelow wrote:
> > I suspect nobody has used the legacy cron mode in a long time,
> > possibly ever.

 I agree. Ever since it was implemented it has been marked in the
documentation as deprecated. The reason I did it in the first place is
because it was relatively easy and allowed me to 'sell' mcron as a
modern Vixie replacement, but the truth is the mcron personality has so
much more to offer that it is a no-brainer to use this instead; and
this before even considering the security side of things.

> >  ... but many to achieve the most basic of security requirements.

 Yep, it's good that you have addressed this, though I still regard the
attack surface as too big to trust on systems of my own.

> > If anyone has mcron's crontab script installed setuid-root and is on
> > a system that respects the setuid bit of scripts, or has manually
> > created a setuid wrapper around the crontab script, they should apply
> > these patches ASAP.

 I agree, or better just run mcron as a normal user process.

 It is curious how a C wrapper had previously been removed (it was
there for entirely different reasons based on limitations Guile had
around the turn of the century), and now we need to bring it back for
the security reasons you mention in the patches. Having a C compiler on
a system is not a big ask, so that is fine by me.

 I have put your patches through verbatim; I've looked over them only
as a cursory sanity check, but haven't really checked things and have
done no testing. We already agreed that probably nobody has ever used
it, and I certainly have no intention to.

 But anything is better than what is currently there, so thank you for
the contribution!

 I think you should strongly encourage your friend to just use mcron as
a stand-alone user-owned process. The Vixie syntax is still available
to use in this mode.

Best wishes, and thanks again,

