Ubuntu
squid-deb-proxy package

the configuration file has execute permission by default

Bug #697955 reported by manuel
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
squid-deb-proxy (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: squid-deb-proxy

This appear to be a bug because it is not necessary and is a potential security hole

$ ls -l /etc/apt/apt.conf.d/30autoproxy
-rwxr-xr-x 1 root root 87 2010-03-18 11:43 /etc/apt/apt.conf.d/30autoproxy

the owner is the root buy setup files doesn't need this permission

Later
Manuel

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: squid-deb-proxy-client 0.3.1
ProcVersionSignature: Ubuntu 2.6.32-27.49-generic 2.6.32.26+drm33.12
Uname: Linux 2.6.32-27-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Wed Jan 5 22:44:15 2011
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
PackageArchitecture: all
ProcEnviron:
 LANG=es_VE.UTF-8
 SHELL=/bin/bash
SourcePackage: squid-deb-proxy

Revision history for this message
manuel (manuel-soto) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

security vulnerability: yes → no
visibility: private → public
Revision history for this message
Michael Vogt (mvo) wrote :

Thanks, indeed. I fixed the permission in trunk and it will be part of the next upload.

Changed in squid-deb-proxy (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid-deb-proxy - 0.4

---------------
squid-deb-proxy (0.4) natty; urgency=low

  * mirror-dstdomain.acl:
    - add ddebs.ubuntu.com to default mirrors
  * apt-avahi-discover:
    - use avahi-resolve to workaround the issue that avahi-browse
      sometimes hands out ipv6 even when asked for ipv4 only,
      many thanks to Andrew Simpson (LP: #686265)
  * contrib/squid-deb-proxy.init:
    - add sysv init script, thanks to Andrew Simpson
  * debian/squid-deb-proxy.upstart:
    - write avahi services file on post-start and kill it again
      on pre-stop (LP: #695937)
  * debian/squid-deb-proxy.squid-deb-proxy-avahi.upstart:
    - removed, this is part of squid-deb-proxy.upstart now
  * Makefile:
    - fix permission of 30autoproxy (LP: #697955)
  * debian/squid-deb-proxy.logrotate:
    - add logrotate file (LP: #718923), thanks to
      Johan van Dijk and Andrew Simpson
 -- Michael Vogt <email address hidden> Wed, 23 Mar 2011 21:53:11 +0100

Changed in squid-deb-proxy (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.