Stanislav Zaharov wrote:
> Hello everybody!
> I've added new environment support to vixie-cron which is used by default
> cron in Debian. This environment is adding opportunity to set mail subject
> for cron's report. It looks like this:
> MAILSUBJECT="CRON at the %hostname% (fqdn: %fqdn%): User %user% ran command
> %cmd% which was executed with status %status%. Cron fork status:
> %forkstatus%"
> * * * * * root echo test
>
> It can be useful for many users. I've attached the patch for vixie cron.
> Could the patch be included to Debian release?

Hi, Stan:

Have you tried getting your patch merged upstream? (Just kidding, it looks like Debian hasn't pulled a new upstream release of cron in about 22 years, and new upstream releases are... infrequent.)

More seriously, any C code that manipulates strings should be heavily scrutinized, especially in a security sensitive daemon like cron, which has had a history of security vulnerabilities, some of which were introduced by later patches to the original code. There are static analyzers that can help with this, e.g. Clang's scan-build (free), and Coverity (non-free).

But, maybe it would be better to freeze the user-facing functionality of a venerable tool like cron? This seems like kind of a disruptive change.

-- 
Robert Edmonds
[email protected]
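
Added example, not part of either message and not code from the attached patch: one way to expand `%key%` placeholders like those in the MAILSUBJECT template into a fixed-size buffer with every write bounds-checked, which is the kind of string handling the reply says deserves scrutiny. The names `struct subst`, `put` and `expand_subject` and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One %key% placeholder and its replacement (hypothetical names). */
struct subst { const char *key; const char *val; };

/* Append n bytes at out[*pos], keeping one byte free for the NUL. */
static int put(char *out, size_t cap, size_t *pos, const char *s, size_t n)
{
    if (n >= cap - *pos) return -1;   /* invariant: *pos < cap, no underflow */
    memcpy(out + *pos, s, n);
    *pos += n;
    return 0;
}

/* Expand %key% tokens from tmpl into out[cap]. Unknown tokens and stray '%'
 * are copied literally; replacement text is never rescanned. Returns the
 * length written, or -1 (with out set to "") if the result does not fit. */
int expand_subject(char *out, size_t cap, const char *tmpl,
                   const struct subst *tab, size_t ntab)
{
    size_t pos = 0;
    if (cap == 0) return -1;
    while (*tmpl) {
        const char *end = (*tmpl == '%') ? strchr(tmpl + 1, '%') : NULL;
        const char *rep = NULL;
        for (size_t i = 0; end && !rep && i < ntab; i++) {
            size_t klen = (size_t)(end - tmpl) - 1;
            if (strlen(tab[i].key) == klen && !memcmp(tab[i].key, tmpl + 1, klen))
                rep = tab[i].val;
        }
        const char *src = rep ? rep : tmpl;
        if (put(out, cap, &pos, src, rep ? strlen(rep) : 1) < 0) {
            out[0] = '\0';            /* fail closed: never a half-built subject */
            return -1;
        }
        tmpl = rep ? end + 1 : tmpl + 1;
    }
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    /* Constructed sample values, not taken from the patch. */
    struct subst tab[] = { {"user", "root"}, {"cmd", "echo test"}, {"status", "0"} };
    char subj[64];
    if (expand_subject(subj, sizeof subj, "User %user% ran %cmd%: %status%", tab, 3) >= 0)
        puts(subj);
    return 0;
}
```

Because replacement text is copied without being rescanned, a command string that itself contains `%user%` is not expanded a second time.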

