[RndTbl] at command
Daryl F
wyatt at prairieturtle.ca
Sat Feb 27 22:19:59 CST 2016
On Sat, 27 Feb 2016, Trevor Cordes wrote:
> Here's the precise debug email I got from cron:
>
> sh: line 69: warning: here-document at line 68 delimited by end-of-file
> (wanted `marcinDELIMITER04dba0c8') /bin/sh: 1marcinDELIMITER04dba0c8:
> ambiguous redirect
>
I thought I'd seen that here-doc delimiter before. It's standard for the
at command. When entered at the command line the at command puts the
user's input in a here-document for the atd to execute.
Once upon a time there was a bug
https://bugzilla.redhat.com/show_bug.cgi?id=486844
that led me to remember what I've observed on the at job queue.
>
> It spooks me a little bit as that's a funky here-doc string to look
> for, and WTF with the redirect? Doesn't look like anything I would
> have scripted (I rarely use heredocs).
>
I've seen some utilities that don't care for the vagaries of different
cron daemons use an at command at the end of the current at job to
schedule their next run. The first one is usually started by an init
script or whatever equivalent in the distro in use.
> The problem with requiring the caller of at to do something to log at
> commands is that that won't help track/log if someone manages to inject
> a malicious at command. The above evidence smells to me of some
> compromised program allowing someone to set a timed at job as my user.
> But it could just be me being paranoid...
-Daryl
More information about the Roundtable
mailing list