Package: squid
Version: 2.6.5-6etch1
Severity: normal

In an effort to increase security by not letting local users gather cleartext
passwords from /etc/digest_pw, I changed modes to 600 making the file
readable for root only. I forgot that squid is running as "proxy," so this
user couldn't read the file anymore (because the file was owned by root.)

This, in consequence, caused digest_pw_auth to crash as soon as someone
tried to login and use Squid. I had expected a proper check whether the file
is readable or not, and a respective warning in case it's unreadable, but
instead digest_pw_auth crashes as follows:

>kernel: digest_pw_auth[13592]: segfault at 0000000000000000 rip 
>00002b7b2bb25df4 rsp 00007fff7f6e2c30 error 4
>squid[13507]: WARNING: digestauthenticator #3 (FD 13) exited



-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (650, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)

Versions of packages squid depends on:
ii  adduser                3.102             Add and remove users and groups
ii  coreutils              5.97-5.3          The GNU core utilities
ii  debconf [debconf-2.0]  1.5.11etch1       Debian configuration management sy
ii  libc6                  2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii  libdb4.4               4.4.20-8          Berkeley v4.4 Database Libraries [
ii  libldap2               2.1.30-13.3       OpenLDAP libraries
ii  libpam0g               0.79-5            Pluggable Authentication Modules l
ii  logrotate              3.7.1-3           Log rotation utility
ii  lsb-base               3.1-23.2etch1     Linux Standard Base 3.1 init scrip
ii  netbase                4.29              Basic TCP/IP networking system
ii  squid-common           2.6.5-6etch1      Internet Object Cache (WWW proxy c

squid recommends no packages.

-- debconf information:
  squid/fix_cachedir_perms: false
  squid/largefiles_warning:
  squid/anonymize_headers:
  squid/authenticate_program:
  squid-cgi/cachemgr:
  squid/fix_lines: true
  squid/old_version: false
  squid/http_anonymizer:



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to