Bug#305142: world readable apt.conf with proxy passwd

To: Matt Zimmerman <mdz@debian.org>, 305142@bugs.debian.org
Subject: Bug#305142: world readable apt.conf with proxy passwd
From: Christian Perrier <bubulle@debian.org>
Date: Tue, 19 Apr 2005 18:41:57 +0200
Message-id: <[🔎] 20050419164156.GF21747@mykerinos.kheops.frmug.org>
Reply-to: Christian Perrier <bubulle@debian.org>, 305142@bugs.debian.org
In-reply-to: <20050419080515.GM13299@alcor.net>
References: <20050418080603.CBC3A80AEA@email.kapp-coburg.de> <20050419080515.GM13299@alcor.net>

reassign 305142 base-config
retitle 305142 apt-setup creates a world readable apt.conf file
thanks

Quoting Matt Zimmerman (mdz@debian.org):
> reassign 305142 debian-installer
> thanks


> 
> On Mon, Apr 18, 2005 at 10:06:07AM +0200, Alexander Mader wrote:
> > Package: apt
> > Version: 0.5.28.1
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > 
> > During install apt.conf is written; including proxy configuration if
> > needed. The Proxy string is stored in apt.conf but permissions allow
> > group and others to read apt.conf hence to get the proxy password which
> > could even be a real users password.
> 
> This issue belongs to whichever installer component creates the file.


Which happens to be apt-setup from base-config if I'm correct...

Reply to:

Follow-Ups:
- Processed: Re: Bug#305142: world readable apt.conf with proxy passwd
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: Bug#305142: world readable apt.conf with proxy passwd
Next by Date: [D-I Manual] Build log for en (19 Apr 2005)
Previous by thread: Bug#305353: marked as done (No problems)
Next by thread: Processed: Re: Bug#305142: world readable apt.conf with proxy passwd
Index(es):
- Date
- Thread