[2014-03-27 21:01:17 -0400] Daniel Micay: > setuid binary (crontab) so it opens up a vulnerability in the base install. > > Among others (although one requires cron to be enabled): > > * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0424 > * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6097
There were bugs that have been fixed a while ago; what's your point? I support switching to systemd timers in order to streamline our base install, as well as regroup daemons and periodic commands configuration in just one place. But I do not believe that replacing a small setuid binary by a larger one addresses any potential security issue. -- Gaetan
pgpJR1aMV7z1A.pgp
Description: PGP signature