[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Creating a randomized cron entry

Henrique de Moraes Holschuh wrote:
> "at" has a very bad history security-wise, and I really doubt anyone is
> seriously maintaining and fixing that thing.  Now, if someone would rewrite
> from scratch an "at" designed and implemented for security, that would be
> very cool indeed.

at had one security hole that I know of, back in 2002; a double-free bug.
It's hard to call that a very bad security history; cron and fcron have
both had more security holes than that, so has vim, so has emacs, so
has glibc.

Random useless stats mode: Since the release of woody, some 2834
security holes tracked by the testing security team have afected 892
distinct packages; of these 493 holes were the only hole found in a
package, and at the other end of the spectrum, 493 total holes were
found in a set of just 7 packages. I know which set of packages I'd be
more concerned about having installed, and it's not the set containing
at (1 hole), it's the set containing mozilla-firefox (92 holes).

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: