*** This bug is a security vulnerability *** Public security bug reported:
When performing installation audits, I noticed on the image from 2014-04-07 the following after a livecd install: $ ls -l /var/lib/apt/lists|grep 'rw\-rw\-rw' -rw-rw-rw- 1 root root 29759 Apr 8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-amd64_Packages -rw-rw-rw- 1 root root 0 Apr 8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-i386_Packages -rw-rw-rw- 1 root root 1199 Apr 8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-amd64_Packages -rw-rw-rw- 1 root root 0 Apr 8 09:10 Ubuntu%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-i386_Packages This also happens on the server install from the same date: $ ls -l /var/lib/apt/lists|grep 'rw\-rw\-rw' -rw-rw-rw- 1 root root 1702199 Apr 8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-amd64_Packages -rw-rw-rw- 1 root root 0 Apr 8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_main_binary-i386_Packages -rw-rw-rw- 1 root root 0 Apr 8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-amd64_Packages -rw-rw-rw- 1 root root 0 Apr 8 09:09 Ubuntu-Server%2014.04%20LTS%20%5fTrusty%20Tahr%5f%20-%20Daily%20amd64%20(20140407)_dists_trusty_restricted_binary-i386_Packages I installed the image from 2014-04-07, installed today and noticed the above. ** Affects: apt (Ubuntu) Importance: Undecided Status: New ** Tags: rls-t-incoming ** Tags added: rls-t-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1304657 Title: world writable files in /var/lib/apt/lists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1304657/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs