.htpasswd files for private PPAs are stored world-readable
Bug #1386825 reported by
James Troup
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Triaged
|
Low
|
Unassigned |
Bug Description
| james@haetae:~$ sudo su - nobody -s /bin/bash
| No directory, logging in with HOME=/
| $ wc -l /srv/launchpad.
| 425223 /srv/launchpad.
| $
apache blocks users from reading this file which largely mitigates
this but, even so, there's no reason for them to be readable by anyone
with shell access.
Changed in launchpad: | |
importance: | Undecided → Low |
status: | New → Triaged |
tags: | added: p3a ppa privacy soyuz-publish |
To post a comment you must log in.