Package: squid
Version: 2.6.5-6etch1
Severity: normal

In an effort to increase security by not letting local users gather cleartext passwords from /etc/digest_pw, I changed modes to 600 making the file readable for root only. I forgot that squid is running as "proxy," so this user couldn't read the file anymore (because the file was owned by root.)

This, in consequence, caused digest_pw_auth to crash as soon as someone tried to login and use Squid. I had expected a proper check whether the file is readable or not, and a respective warning in case it's unreadable, but instead digest_pw_auth crashes as follows:

>kernel: digest_pw_auth[13592]: segfault at 0000000000000000 rip
>00002b7b2bb25df4 rsp 00007fff7f6e2c30 error 4
>squid[13507]: WARNING: digestauthenticator #3 (FD 13) exited

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (650, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)

Versions of packages squid depends on:
ii  adduser                 3.102               Add and remove users and groups
ii  coreutils               5.97-5.3            The GNU core utilities
ii  debconf [debconf-2.0]   1.5.11etch1         Debian configuration management sy
ii  libc6                   2.3.6.ds1-13etch4   GNU C Library: Shared libraries
ii  libdb4.4                4.4.20-8            Berkeley v4.4 Database Libraries [
ii  libldap2                2.1.30-13.3         OpenLDAP libraries
ii  libpam0g                0.79-5              Pluggable Authentication Modules l
ii  logrotate               3.7.1-3             Log rotation utility
ii  lsb-base                3.1-23.2etch1       Linux Standard Base 3.1 init scrip
ii  netbase                 4.29                Basic TCP/IP networking system
ii  squid-common            2.6.5-6etch1        Internet Object Cache (WWW proxy c

squid recommends no packages.

-- debconf information:
  squid/fix_cachedir_perms: false
  squid/largefiles_warning:
  squid/anonymize_headers:
  squid/authenticate_program:
  squid-cgi/cachemgr:
  squid/fix_lines: true
  squid/old_version: false
  squid/http_anonymizer:
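
The readability check the report asks for, sketched as an added example; it is not squid's digest_pw_auth source and not part of the original report. The function names, status codes, the temporary-file demo and the refusal of world-readable files are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum pw_status { PW_OK, PW_UNREADABLE, PW_NOT_REGULAR, PW_WORLD_READABLE };
/* On PW_OK *fp is a usable stream; otherwise *fp is NULL and err says why. */
enum pw_status open_pw_file(const char *path, FILE **fp, char *err, size_t n) {
    struct stat st;
    enum pw_status s = PW_OK;
    if ((*fp = fopen(path, "r")) == NULL) {
        snprintf(err, n, "cannot read %s as uid %ld: %s",
                 path, (long)geteuid(), strerror(errno));
        return PW_UNREADABLE;
    }
    /* fstat the open stream so the checks apply to the file actually in use. */
    if (fstat(fileno(*fp), &st) != 0 || !S_ISREG(st.st_mode)) {
        snprintf(err, n, "%s is not a regular file", path);
        s = PW_NOT_REGULAR;
    } else if (st.st_mode & S_IROTH) {  /* policy assumed for this example */
        snprintf(err, n, "%s must not be world-readable", path);
        s = PW_WORLD_READABLE;
    }
    if (s != PW_OK) { fclose(*fp); *fp = NULL; }
    return s;
}

/* Verdict only: log the reason to stderr, close the stream again. */
enum pw_status check_pw_file(const char *path) {
    char err[256]; FILE *fp = NULL;
    enum pw_status s = open_pw_file(path, &fp, err, sizeof err);
    if (s == PW_OK) fclose(fp); else fprintf(stderr, "pw helper: %s\n", err);
    return s;
}

/* Constructed sample: temp file with one made-up entry, set to `mode`. */
enum pw_status demo_with_mode(mode_t mode) {
    char path[] = "/tmp/digest_pw_demo_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "user:secret\n", 12) != 12 || fchmod(fd, mode) != 0)
        return PW_UNREADABLE;
    close(fd);
    enum pw_status s = check_pw_file(path);
    unlink(path);
    return s;
}
```

A caller that gets anything other than PW_OK logs the message and exits with an error, which gives the administrator the warning naming the file and the uid that could not read it.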

