Package: squid
Version: 2.6.5-4
Severity: serious

Squid "breaks" debsums:

  debsums: can't open squid file /usr/lib/squid/pam_auth (Permission denied)
  debsums: can't open squid file /usr/lib/squid/getpwnam_auth (Permission denied)

Those files are setgid group shadow and thus it makes sense that they
are not executable by "others". However, that doesn't mean they cannot
be readable. Section 10.9. of the policy says:

  Some setuid programs need to be restricted to particular sets of
  users, using file permissions. In this case they should be owned by
  the uid to which they are set-id, and by the group which should be
  allowed to execute them. They should have mode 4754; again there is
  no point in making them unreadable to those users who must not be
  allowed to execute them.

I filed this as RC because the policy covers the case. I don't really
think it's that critical, so please downgrade if you wish. Or just
upload a quick fix (or tell me to NMU it).

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (750, 'unstable'), (500, 'testing'), (250, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages squid depends on:
ii  adduser                 3.102         Add and remove users and groups
ii  coreutils               5.97-5.3      The GNU core utilities
ii  debconf [debconf-2.0]   1.5.11        Debian configuration management sy
ii  libc6                   2.3.6.ds1-13  GNU C Library: Shared libraries
ii  libdb4.4                4.4.20-8      Berkeley v4.4 Database Libraries [
ii  libldap2                2.1.30-13.3   OpenLDAP libraries
ii  libpam0g                0.79-4        Pluggable Authentication Modules l
ii  logrotate               3.7.1-3       Log rotation utility
ii  lsb-base                3.1-23        Linux Standard Base 3.1 init scrip
ii  netbase                 4.29          Basic TCP/IP networking system
ii  squid-common            2.6.5-4       Internet Object Cache (WWW proxy c

squid recommends no packages.

-- debconf information excluded

-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
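
An audit for the condition this report describes, added here as an example and not part of the original message or of the squid or debsums packages: it lists set-id regular files that "others" cannot read, which is what makes debsums fail when run unprivileged. The function names and the fixture are assumptions; the fixture uses setuid files because any user can create those on files they own, and report_setid relies on GNU stat as shipped on Debian.

```shell
#!/bin/sh
# Added example: find set-id files that are not readable by "others".
# Policy 10.9 (quoted in the report) gives 4754 as the restricted mode:
# "others" may not execute the file but may still read it.

# List setuid or setgid regular files under $1 lacking the o+r bit.
unreadable_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        ! -perm -0004 -print | sort
}

# Print "mode owner:group path" for each finding (GNU stat format).
report_setid() {
    unreadable_setid "$1" | while IFS= read -r f; do
        stat -c '%a %U:%G %n' "$f"
    done
}

# Constructed fixture, not real package contents: one set-id file that
# "others" cannot read, one in the policy mode, one ordinary file.
make_fixture() {
    d=$(mktemp -d) || return 1
    : > "$d/helper_unreadable"; chmod 4750 "$d/helper_unreadable"
    : > "$d/helper_policy";     chmod 4754 "$d/helper_policy"
    : > "$d/plain";             chmod 0750 "$d/plain"
    printf '%s\n' "$d"
}

# Usage on a real system (read-only):
#   report_setid /usr/lib/squid
```

Files reported here are the ones an unprivileged checksum run cannot open; moving them to the policy mode adds read access for "others" without granting execute.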