From a719ffd20a70fa27b7ea98244639caad8471cfb4 Mon Sep 17 00:00:00 2001
From: Jakub Wilk <jwilk@jwilk.net>
Date: Thu, 16 Mar 2023 21:23:41 +0100
Subject: [PATCH] Fix apt.conf permissions

Having world-writable apt.conf may be exploited by locals users to
execute arbitrary code in the context of the user running mmdebstrap.
---
 mmdebstrap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mmdebstrap b/mmdebstrap
index b6273f6..d31359a 100755
--- a/mmdebstrap
+++ b/mmdebstrap
@@ -2265,7 +2265,7 @@ sub run_setup() {
     # we have to make the config file world readable so that a possible
     # /usr/lib/apt/solvers/apt process which is run by the _apt user is also
     # able to read it
-    chmod 0666, "$tmpfile" or error "cannot chmod $tmpfile: $!";
+    chmod 0644, "$tmpfile" or error "cannot chmod $tmpfile: $!";
     if ($verbosity_level >= 3) {
         0 == system('apt-get', '--version')
           or error "apt-get --version failed: $?";