apt sources.list permissions

Bug #484653 reported by Matevž Jekovec
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Invalid
Wishlist
Unassigned

Bug Description

Binary package hint: apt

Hi guys.

Since apt supports password protected repositories it would be wise to set permissions to 600 for /etc/apt/sources.list and sources.list.d so only root can see the actual login information.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. Since these files do not contain passwords by default, it is up to an administrator to set the permissions if keeping plaintext passwords in sources.list. Setting to 600 would likely break tools that need to read this file, such as update-manager. Marking Wishlist for now, but the maintainer may decide to "Won't Fix".

security vulnerability: yes → no
visibility: private → public
Changed in apt (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
Julian Andres Klode (juliank) wrote :

It's your configuration file, you can set whatever mode you want. All tools require read access though, but that's covered in another bug.

Changed in apt (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.