the configuration file has execute permission by default

Bug #697955 reported by manuel on 2011-01-06
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
squid-deb-proxy (Ubuntu)
Medium
Unassigned

Bug Description

Binary package hint: squid-deb-proxy

This appear to be a bug because it is not necessary and is a potential security hole

$ ls -l /etc/apt/apt.conf.d/30autoproxy
-rwxr-xr-x 1 root root 87 2010-03-18 11:43 /etc/apt/apt.conf.d/30autoproxy

the owner is the root buy setup files doesn't need this permission

Later
Manuel

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: squid-deb-proxy-client 0.3.1
ProcVersionSignature: Ubuntu 2.6.32-27.49-generic 2.6.32.26+drm33.12
Uname: Linux 2.6.32-27-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Wed Jan 5 22:44:15 2011
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
PackageArchitecture: all
ProcEnviron:
 LANG=es_VE.UTF-8
 SHELL=/bin/bash
SourcePackage: squid-deb-proxy

manuel (manuel-soto) wrote :
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

security vulnerability: yes → no
visibility: private → public
Michael Vogt (mvo) wrote :

Thanks, indeed. I fixed the permission in trunk and it will be part of the next upload.

Changed in squid-deb-proxy (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid-deb-proxy - 0.4

---------------
squid-deb-proxy (0.4) natty; urgency=low

  * mirror-dstdomain.acl:
    - add ddebs.ubuntu.com to default mirrors
  * apt-avahi-discover:
    - use avahi-resolve to workaround the issue that avahi-browse
      sometimes hands out ipv6 even when asked for ipv4 only,
      many thanks to Andrew Simpson (LP: #686265)
  * contrib/squid-deb-proxy.init:
    - add sysv init script, thanks to Andrew Simpson
  * debian/squid-deb-proxy.upstart:
    - write avahi services file on post-start and kill it again
      on pre-stop (LP: #695937)
  * debian/squid-deb-proxy.squid-deb-proxy-avahi.upstart:
    - removed, this is part of squid-deb-proxy.upstart now
  * Makefile:
    - fix permission of 30autoproxy (LP: #697955)
  * debian/squid-deb-proxy.logrotate:
    - add logrotate file (LP: #718923), thanks to
      Johan van Dijk and Andrew Simpson
 -- Michael Vogt <email address hidden> Wed, 23 Mar 2011 21:53:11 +0100

Changed in squid-deb-proxy (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers