Bug#553374: Proxy password in apt.conf is is readable by all users

To: Yohann Lepage <yohannlepage@2xyo.info>, 553374@bugs.debian.org
Subject: Bug#553374: Proxy password in apt.conf is is readable by all users
From: Christian Perrier <bubulle@debian.org>
Date: Sat, 31 Oct 2009 17:44:13 +0100
Message-id: <[🔎] 20091031164413.GI9392@mykerinos.kheops.frmug.org>
Reply-to: Christian Perrier <bubulle@debian.org>, 553374@bugs.debian.org
In-reply-to: <[🔎] 20091030165152.20573.69438.reportbug@yoyo-laptop.local.lan>
References: <[🔎] 20091030165152.20573.69438.reportbug@yoyo-laptop.local.lan>

Quoting Yohann Lepage (yohannlepage@2xyo.info):
> Package: apt
> Version: 0.7.23.1
> Severity: wishlist
> 
> Hi,
> 
> I filled the proxy configuration to install Debian.
> After installation, the configuration of proxy is in /etc/apt.conf :
> Acquire::http::Proxy "http://user:password@10.0.0.1:8080";;
> 
> However the permissions of apt.conf is :
> 188620-rw-r - r - 1 root root 68 oct 30 08:26 apt.conf
> 
> The unencrypted proxy password in apt.conf is is readable by all users !
> 
> The rights on apt.conf should not they be more restrictive ? Or include the password in an other file with less rights ?

Why not in a file in /etc/apt/apt.conf.d which you could set to 0600?

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#553374: Proxy password in apt.conf is is readable by all users
  - From: Yohann Lepage <yohannlepage@2xyo.info>

Prev by Date: Bug#549312: apt 0.7.21
Previous by thread: Bug#553374: Proxy password in apt.conf is is readable by all users
Next by thread: Bug#549312: Correction: 0.7.23.1 <-> 0.7.21
Index(es):
- Date
- Thread