
Bug#449573: sources.list not owned by root



X-Debbugs-No-Ack: please
Package: apt
Version: 0.7.9
Severity: wishlist

Poking around /etc/apt with ls -o,
  /etc/apt:
  drwxr-xr-x   2 root     1024 Nov  7 01:11 apt.conf.d
  -rw-------   1 root        0 Jan 23  2007 secring.gpg
  -rw-r--r--   1 jidanni   491 Nov  7 01:25 sources.list
  drwxr-xr-x   2 root     1024 Feb 22  2006 sources.list.d
  -rw-------   1 root     1200 Aug 25 07:14 trustdb.gpg
  -rw-r--r--   1 root    18247 Aug 25 07:14 trusted.gpg
  -rw-r--r--   1 root    18247 Aug 25 07:14 trusted.gpg~
I noticed:
1. Seems I could get away with having sources.list owned by non-root.
   Probably no check is done for files and directories to be sure they
   are owned by root before reading... or maybe who cares.
2. trusted.gpg and backups are world readable.

I'm not sure if these are security concerns.
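
The ownership check the report wonders about, written as an audit an administrator can run. This is an added example, not part of the original report and not apt's own code. `audit_apt_config` is a hypothetical helper name, and root (uid 0) as the expected owner is an assumption.

```shell
#!/bin/sh
# Added example: flag entries in an apt configuration tree that a
# non-root account could modify, either by owning them or through
# group/world write permission.
# audit_apt_config is a hypothetical name, not an apt tool.

audit_apt_config() {
    dir=${1:-/etc/apt}   # tree to inspect
    owner=${2:-0}        # expected owner uid (assumption: root, uid 0)

    findings=$(
        # Files or directories owned by anyone other than the expected uid.
        find "$dir" ! -user "$owner" -print | sed 's/^/OWNER /'
        # Group- or world-writable entries; symlinks are skipped because
        # their own mode bits are not used for access checks.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'
    )

    # Exit status 0 means clean; 1 means at least one finding was printed.
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Called as `audit_apt_config /etc/apt`, the listing above would produce an `OWNER` line for `sources.list`. The non-zero return makes the function usable from cron or a configuration-management check.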



