Bug#305142: world readable apt.conf with proxy passwd
reassign 305142 debian-installer
thanks
On Mon, Apr 18, 2005 at 10:06:07AM +0200, Alexander Mader wrote:
> Package: apt
> Version: 0.5.28.1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> During install apt.conf is written; including proxy configuration if
> needed. The Proxy string is stored in apt.conf but permissions allow
> group and others to read apt.conf hence to get the proxy password which
> could even be a real users password.
This issue belongs to whichever installer component creates the file.
--
- mdz
Reply to: