Package: base-config Version: 2.25 Severity: normal Tags: security I believe that the base-config logs should not be world readable. Some of the packages ask for passwords that are echoed back during the configuration (e.g. pppoeconf), albeit stored later in files not readable by the world.
-- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.25-1-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R Versions of packages base-config depends on: ii adduser 3.56 Add and remove users and groups ii apt 0.5.25 Advanced front-end for dpkg ii aptitude 0.2.14-3 curses-based apt frontend ii bsdutils 1:2.12-3 Basic utilities from 4.4BSD-Lite ii console-data 2002.12.04dbs-40 Keymaps, fonts, charset maps, fall ii console-tools 1:0.2.3dbs-52 Linux console and font utilities ii debconf 1.4.25 Debian configuration management sy ii debianutils 2.8.2 Miscellaneous utilities specific t ii gettext-base 0.14.1-2 GNU Internationalization utilities ii passwd 1:4.0.3-28.3 Change and administer password and -- debconf information: tzconfig/choose_country_zone_single: true base-config/menu/mta: tzconfig/select_zone: tzconfig/verify_choices: true tzconfig/choose_country_zone/BR: East * base-config/intro: apt-setup/security-updates: true apt-setup/another: false mirror/distribution: testing base-config/title: base-config/menu/finish: debian-installer/language: en * apt-setup/mirror: ftp.freenet.de base-config/start-display-manager: true base-config/menu/apt-setup: base-config/menu/keyboard: tzconfig/title: debian-installer/country: US apt-setup/directory: /pub/ftp.debian.org/debian/ * base-config/install-problem: * tzconfig/change_timezone: false * base-config/pkgsel: tasksel - quickly choose from predefined collections of software base-config/menu/hostname: apt-setup/cd/another: false apt-setup/non-free: false apt-setup/badedit: apt-setup/non-us: true mirror/suite: testing apt-setup/baddir: base-config/menu/pkgsel: base-config/menu/apt-get: base-config/menu/timezone: base-config/menu/intro: base-config/menu/passwd: apt-setup/hostname: ftp.freenet.de base-config/menu/pon: * base-config/login: * tzconfig/gmt: true apt-setup/title: mirror/http/proxy: apt-setup/contrib: true apt-setup/non-us-failed: base-config/main-menu: Set up users and passwords * tzconfig/geographic_area: Asia apt-setup/cd/dev: /dev/cdrom * apt-setup/country: Germany debian-installer/keymap: us apt-setup/badsource: base-config/use-ppp: false apt-setup/uri_type: ftp tzconfig/choose_country_zone/US: Eastern * base-config/get-hostname: ilmarinen apt-setup/not-mirror: tzconfig/choose_country_zone_multiple: tzconfig/choose_country_zone/CA: Eastern apt-setup/security-updates-failed: base-config/menu/shell: apt-setup/cd/bad: * base-config/invalid-hostname: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
