Package: apt-cacher-ng
Version: 3.6.4-1
Severity: important
X-Debbugs-Cc: richard.lewis.deb...@googlemail.com

Dear Maintainer,

Thanks for maintaining apt-cacher-ng,

I set "BindAddress: localhost" in /etc/apt-cacher-ng/acng.conf

When I restart the service it is indeed listening on 127.0.0.1:3142 (for tcp).
But when apt-cacher starts doing something (I use it via sbuild) it also starts
listening on 0.0.0.0 + a random port for udp. I would expect 127.0.0.1:41044
only in:

ss -tunlp|grep apt
udp   UNCONN 0      0             0.0.0.0:41044      0.0.0.0:*    users:(("apt-cacher-ng",pid=2584993,fd=11))
tcp   LISTEN 0      250         127.0.0.1:3142       0.0.0.0:*    users:(("apt-cacher-ng",pid=2584993,fd=10))

Is there some other setting not documented in acng.conf?


Isn't this a security risk? (It gets flagged by the tiger package as such -
now I do know that in fact it may be a low risk and that it is easily
mitigated via firewall rules, but I don't want apt-cacher-ng listening on any
external IP, especially when the config explicitly tells it not to.)

This did not happen in the 'buster' version, so is a regression in the new
stable release.

I also wonder why the default setting is so permissive - surely the biggest
use-case is for building on a localhost via sbuild or similar, and people who
want to provide a cache to other machines would be able to change the default.
(But any default is fine as long as it can be changed - but the above shows
the change isn't working.)

Thanks for considering to fix this

-- Package-specific info:

-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt-cacher-ng depends on:
ii  adduser                  3.118
ii  debconf [debconf-2.0]    1.5.77
ii  dpkg                     1.20.9
ii  libbz2-1.0               1.0.8-4
ii  libc6                    2.31-13
ii  libevent-2.1-7           2.1.12-stable-1
ii  libevent-pthreads-2.1-7  2.1.12-stable-1
ii  libgcc-s1                10.2.1-6
ii  liblzma5                 5.2.5-2
ii  libssl1.1                1.1.1k-1+deb11u1
ii  libstdc++6               10.2.1-6
ii  libsystemd0              247.3-6
ii  libwrap0                 7.6.q-31
ii  lsb-base                 11.1.0
ii  zlib1g                   1:1.2.11.dfsg-2

Versions of packages apt-cacher-ng recommends:
ii  ca-certificates  20210119

Versions of packages apt-cacher-ng suggests:
pn  avahi-daemon  <none>
pn  doc-base      <none>
ii  libfuse2      2.9.9-5

-- Configuration Files:
/etc/apt-cacher-ng/acng.conf changed [not included]
/etc/apt-cacher-ng/security.conf [Errno 13] Permission denied: '/etc/apt-cacher-ng/security.conf'

-- debconf information:
* apt-cacher-ng/tunnelenable: false
  apt-cacher-ng/cachedir: keep
  apt-cacher-ng/proxy: keep
* apt-cacher-ng/gentargetmode: Set up now and update later
  apt-cacher-ng/bindaddress: keep
* apt-cacher-ng/port: keep
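
The check the report does by eye, as an added example that is not part of the original bug report or of apt-cacher-ng: it parses `ss -tunlp` output and lists the sockets of one process that are bound to anything other than loopback. The sample input is constructed from the output quoted above (one socket per line, as ss prints it; the cupsd row is invented) and the function names are illustrative.

```python
import ipaddress
import re
import sys

# Constructed sample modelled on the `ss -tunlp` output quoted in the report,
# with each socket on one line as ss prints it. The cupsd row is invented.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:41044      0.0.0.0:*         users:(("apt-cacher-ng",pid=2584993,fd=11))
tcp   LISTEN 0      250    127.0.0.1:3142     0.0.0.0:*         users:(("apt-cacher-ng",pid=2584993,fd=10))
tcp   LISTEN 0      128    [::1]:631          [::]:*            users:(("cupsd",pid=612,fd=6))
"""

OWNER = re.compile(r'\("([^"]+)",pid=(\d+),fd=(\d+)\)')


def split_local(local):
    """Split an ss 'addr:port' field; handles [v6], '*' and '%iface' suffixes."""
    addr, _, port = local.rpartition(":")
    return addr.split("%")[0].strip("[]"), port


def is_loopback(addr):
    """True only for addresses inside 127.0.0.0/8 or ::1."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # '*' (wildcard) or unparseable: report it as exposed


def non_loopback_sockets(ss_output, process):
    """Return (proto, addr, port, pid, fd) for `process` sockets not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] not in ("tcp", "udp"):
            continue  # header line, or no owner column (ss run without -p/root)
        addr, port = split_local(fields[4])
        if is_loopback(addr):
            continue
        for name, pid, fd in OWNER.findall(" ".join(fields[6:])):
            if name == process:
                findings.append((fields[0], addr, port, int(pid), int(fd)))
    return findings


if __name__ == "__main__":
    # Pass a file holding saved `ss -tunlp` output, or run on the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for proto, addr, port, pid, fd in non_loopback_sockets(data, "apt-cacher-ng"):
        print(f"{proto} {addr}:{port} pid={pid} fd={fd} is not loopback-only")
```

Run as root so that ss includes the owner column for sockets of other users; rows without it are skipped.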
