X-Debbugs-No-Ack: please
Package: apt
Version: 0.7.9
Severity: wishlist

Poking around /etc/apt with ls -o,
  /etc/apt:
  drwxr-xr-x   2 root     1024 Nov  7 01:11 apt.conf.d
  -rw-------   1 root        0 Jan 23  2007 secring.gpg
  -rw-r--r--   1 jidanni   491 Nov  7 01:25 sources.list
  drwxr-xr-x   2 root     1024 Feb 22  2006 sources.list.d
  -rw-------   1 root     1200 Aug 25 07:14 trustdb.gpg
  -rw-r--r--   1 root    18247 Aug 25 07:14 trusted.gpg
  -rw-r--r--   1 root    18247 Aug 25 07:14 trusted.gpg~
I noticed:
1. Seems I could get away with having sources.list owned by non-root.
   Probably no check is done for files and directories to be sure they
   are owned by root before reading... or maybe who cares.
2. trusted.gpg and backups are world readable.

I'm not sure if these are security concerns.
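
An added example, not part of the original report and not apt's own code: a shell function that lists entries under a configuration directory that are not owned by an expected uid, or that are writable by group or others. The function name `audit_conf_tree` and the default uid of 0 are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_conf_tree DIR [OWNER_UID]   (hypothetical helper, added example)
#
# Prints one finding per line:
#   owner <path>     entry is not owned by OWNER_UID (default 0, root)
#   writable <path>  entry is writable by group or others
# Returns 0 when nothing is flagged, 1 otherwise.
#
# Usage: audit_conf_tree /etc/apt
audit_conf_tree() {
    dir=$1
    want_uid=${2:-0}

    out=$(
        {
            # Anything (files, directories, symlinks) with an unexpected owner.
            find "$dir" ! -user "$want_uid" \
                -exec printf 'owner %s\n' {} +

            # Group- or world-writable entries. Symlinks are skipped here
            # because their own mode bits are always rwxrwxrwx.
            find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
                -exec printf 'writable %s\n' {} +
        } | sort
    )

    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}
```

Run against the listing in the report, this would print `owner /etc/apt/sources.list`, since that file is owned by jidanni rather than root.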


