Bug#305142: world readable apt.conf with proxy passwd

To: Alexander Mader <alexander.mader@niles.de>, 305142@bugs.debian.org
Subject: Bug#305142: world readable apt.conf with proxy passwd
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 19 Apr 2005 01:05:15 -0700
Message-id: <[🔎] 20050419080515.GM13299@alcor.net>
Reply-to: Matt Zimmerman <mdz@debian.org>, 305142@bugs.debian.org
In-reply-to: <[🔎] 20050418080603.CBC3A80AEA@email.kapp-coburg.de>
References: <[🔎] 20050418080603.CBC3A80AEA@email.kapp-coburg.de>

reassign 305142 debian-installer
thanks

On Mon, Apr 18, 2005 at 10:06:07AM +0200, Alexander Mader wrote:
> Package: apt
> Version: 0.5.28.1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> During install apt.conf is written; including proxy configuration if
> needed. The Proxy string is stored in apt.conf but permissions allow
> group and others to read apt.conf hence to get the proxy password which
> could even be a real users password.

This issue belongs to whichever installer component creates the file.

-- 
 - mdz

Reply to:

Follow-Ups:
- Processed: Re: Bug#305142: world readable apt.conf with proxy passwd
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#305142: world readable apt.conf with proxy passwd
  - From: Alexander Mader <alexander.mader@niles.de>

Prev by Date: Processed: Re: Bug#305142: world readable apt.conf with proxy passwd
Next by Date: Processed: More duplicates
Previous by thread: Bug#305142: world readable apt.conf with proxy passwd
Next by thread: Processed: Re: Bug#305142: world readable apt.conf with proxy passwd
Index(es):
- Date
- Thread