Bug#305142: world readable apt.conf with proxy passwd

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#305142: world readable apt.conf with proxy passwd
From: Alexander Mader <alexander.mader@niles.de>
Date: Mon, 18 Apr 2005 10:06:07 +0200
Message-id: <[🔎] 20050418080603.CBC3A80AEA@email.kapp-coburg.de>
Reply-to: Alexander Mader <alexander.mader@niles.de>, 305142@bugs.debian.org

Package: apt
Version: 0.5.28.1
Severity: grave
Tags: security
Justification: user security hole

During install apt.conf is written; including proxy configuration if
needed. The Proxy string is stored in apt.conf but permissions allow
group and others to read apt.conf hence to get the proxy password which
could even be a real users password.

Best regards,

Alexander Mader.
-- Package-specific info:

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages apt depends on:
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libgcc1                     1:3.4.3-12   GCC support library
ii  libstdc++5                  1:3.3.5-8    The GNU Standard C++ Library v3

-- no debconf information

Reply to:

Follow-Ups:
- Bug#305142: world readable apt.conf with proxy passwd
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Specify in apt-get options for dpkg
Next by Date: Processed: severity of 305142 is important
Previous by thread: Specify in apt-get options for dpkg
Next by thread: Bug#305142: world readable apt.conf with proxy passwd
Index(es):
- Date
- Thread