| 1 |
On Sun, Jan 29, 2017 at 12:15 PM, Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 2 |
> On 29/01/2017 18:30, Mike Gilbert wrote: |
| 3 |
>> On Sun, Jan 29, 2017 at 3:43 AM, Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 4 |
>>>> The password can be in a file, and read into a shell variable. |
| 5 |
>>> |
| 6 |
>>> I already said cron has to launch any script or command that exists. |
| 7 |
>>> Cron cannot dictate what form a command must have as the command already |
| 8 |
>>> exists, it can only try and improve things overall |
| 9 |
>> |
| 10 |
>> Any command that requires sensitive information be passed on the |
| 11 |
>> command line is broken by design and should not be used. |
| 12 |
>> |
| 13 |
> |
| 14 |
> |
| 15 |
> I agree. But you, like Ian, are not actually understanding what I'm saying. |
| 16 |
> |
| 17 |
> I'm not advocating using such a program, I'm saying cron has to deal |
| 18 |
> with the fact that they exist. Now, I haven't said yet where such |
| 19 |
> garbage might exist, but I know a place where they thrive: |
| 20 |
> |
| 21 |
> inside corporates, written inhouse, sources long gone, no updates |
| 22 |
> possible, no budget to rewrite, no appetite to fix from the overlords. |
| 23 |
|
| 24 |
I would expect the sysadmin to deal with it by setting a restrictive |
| 25 |
mode on the /etc/cron* files themselves. |
| 26 |
|
| 27 |
Relying on the directory mode set by the distro to hide the files is foolish. |
Archives