Bug#148466: apt requires apt.conf to be readable for non-root usage
Package: apt
Version: 0.5.4
Severity: normal
Tags: security
If you run 'apt-cache search <package>' without read access to
apt.conf, apt bails. While I understand that there are important
options in this file that might be needed in order for apt to function
properly, in my experience (maybe others?) the most common option in
this file is to add an http/ftp proxy together with a username and
password if the proxy requires one.
If you need to supply a username and password you can either:
-- allow the username and password to be world readable
-- prevent users from using apt by securing apt.conf
The first option is no-go on some networks. The second option annoys
the clued-up users.
Perhaps apt could fall back to a different configuration file (without
the secure information) or use its defaults if apt is run without read
permissions on apt.conf?
Matt
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux xanadu 2.4.19pre7ac3 #2 SMP Wed May 1 16:43:50 BST 2002 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages apt depends on:
ii libc6 2.2.5-6 GNU C Library: Shared libraries an
ii libstdc++2.10-glibc2.2 1:2.95.4-7 The GNU stdc++ library
--
Matt Kern
http://www.undue.org/
--
To UNSUBSCRIBE, email to deity-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: