This is pointless. Nothing can be done to really improve the situation, as anybody can look around in /proc .
Le jeu. 27 janv. 2022 à 04:21, Robert Siemer <robert.siemer-report...@backsla.sh> a écrit : > > Package: systemd-cron > Version: 1.15.18-1 > Severity: normal > Tags: security > X-Debbugs-Cc: robert.siemer-report...@backsla.sh, Debian Security Team > <t...@security.debian.org> > > Crontabs, especially in /var/spool/cron are not readable to all users. > Translated command lines in unit files in > /run/systemd/generator on the other hand are. > > Shell variable assignments, written before a command would turn > readable to everyone, which they are otherwise never. > > Further: the changed situation improves the opportunities for > snooping around. On purpose? > > Regards, > Robert > > > -- Package-specific info: > -- output of systemd-delta > > -- System Information: > Debian Release: bookworm/sid > APT prefers stable-security > APT policy: (500, 'stable-security'), (500, 'unstable') > Architecture: i386 (i686) > > Kernel: Linux 5.10.0-8-686-pae (SMP w/2 CPU threads) > Kernel taint flags: TAINT_UNSIGNED_MODULE > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not > set > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages systemd-cron depends on: > ii libc6 2.33-3 > ii python3 3.9.8-1 > ii systemd [systemd-sysusers] 250.3-1 > ii systemd-sysv 250.3-1 > > Versions of packages systemd-cron recommends: > ii postfix [mail-transport-agent] 3.6.4-1 > > systemd-cron suggests no packages. > > -- no debconf information >