Package: systemd-cron Version: 1.15.18-1 Severity: normal Tags: security X-Debbugs-Cc: robert.siemer-report...@backsla.sh, Debian Security Team <t...@security.debian.org>
Crontabs, especially in /var/spool/cron are not readable to all users. Translated command lines in unit files in /run/systemd/generator on the other hand are. Shell variable assignments, written before a command would turn readable to everyone, which they are otherwise never. Further: the changed situation improves the opportunities for snooping around. On purpose? Regards, Robert -- Package-specific info: -- output of systemd-delta -- System Information: Debian Release: bookworm/sid APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 5.10.0-8-686-pae (SMP w/2 CPU threads) Kernel taint flags: TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages systemd-cron depends on: ii libc6 2.33-3 ii python3 3.9.8-1 ii systemd [systemd-sysusers] 250.3-1 ii systemd-sysv 250.3-1 Versions of packages systemd-cron recommends: ii postfix [mail-transport-agent] 3.6.4-1 systemd-cron suggests no packages. -- no debconf information
