.htpasswd files for private PPAs are stored world-readable

Bug #1386825 reported by James Troup
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Triaged
Low
Unassigned

Bug Description

| james@haetae:~$ sudo su - nobody -s /bin/bash
| No directory, logging in with HOME=/
| $ wc -l /srv/launchpad.net/private-ppa-archive/foo/bar/ubuntu/.htpasswd
| 425223 /srv/launchpad.net/private-ppa-archive/foo/bar/ubuntu/.htpasswd
| $

apache blocks users from reading this file which largely mitigates
this but, even so, there's no reason for them to be readable by anyone
with shell access.

William Grant (wgrant)
Changed in launchpad:
importance: Undecided → Low
status: New → Triaged
tags: added: p3a ppa privacy soyuz-publish
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.