[Bug 1304657] Re: world writable files in /var/lib/apt/lists

Steve Langasek steve.langasek at canonical.com
Tue Apr 8 21:30:47 UTC 2014 

Michael, can you please look at this for 14.04?

** Changed in: apt (Ubuntu)
   Importance: Undecided => High

** Changed in: apt (Ubuntu)
       Status: New => Triaged

** Changed in: apt (Ubuntu)
     Assignee: (unassigned) => Michael Vogt (mvo)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1304657

Title:
  world writable files in /var/lib/apt/lists

Status in “apt” package in Ubuntu:
  Triaged

Bug description:
  When performing installation audits, I noticed on the image from
  2014-04-07 the following after a livecd install:

  $ ls -l /var/lib/apt/lists|grep 'rw\-rw\-rw'
  -rw-rw-rw- 1 root root    29759 Apr  8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-amd64_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-i386_Packages
  -rw-rw-rw- 1 root root     1199 Apr  8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-amd64_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-i386_Packages

  This also happens on the server install from the same date:
  $ ls -l /var/lib/apt/lists|grep 'rw\-rw\-rw'
  -rw-rw-rw- 1 root root  1702199 Apr  8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-amd64_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-i386_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-amd64_Packages
  -rw-rw-rw- 1 root root        0 Apr  8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-i386_Packages

  I installed the image from 2014-04-07, installed today and noticed the
  above.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1304657/+subscriptions

More information about the foundations-bugs mailing list