.htpasswd files for private PPAs are stored world-readable
Bug #1386825 reported by
James Troup
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Triaged
|
Low
|
Unassigned | ||
Bug Description
| james@haetae:~$ sudo su - nobody -s /bin/bash
| No directory, logging in with HOME=/
| $ wc -l /srv/launchpad.
| 425223 /srv/launchpad.
| $
apache blocks users from reading this file which largely mitigates
this but, even so, there's no reason for them to be readable by anyone
with shell access.
| Changed in launchpad: | |
| importance: | Undecided → Low |
| status: | New → Triaged |
| tags: | added: p3a ppa privacy soyuz-publish |
To post a comment you must log in.
