27 Feb
2016
27 Feb
'16
9:49 p.m.
Here's the precise debug email I got from cron:
sh: line 69: warning: here-document at line 68 delimited by end-of-file (wanted `marcinDELIMITER04dba0c8') /bin/sh: 1marcinDELIMITER04dba0c8: ambiguous redirect
It spooks me a little bit as that's a funky here-doc string to look for, and WTF with the redirect? Doesn't look like anything I would have scripted (I rarely use heredocs).
The problem with requiring the caller of at to do something to log at commands is that that won't help track/log if someone manages to inject a malicious at command. The above evidence smells to me of some compromised program allowing someone to set a timed at job as my user. But it could just be me being paranoid...