[Bug 839094] [NEW] update-manager leaks passwords to private PPAs in world readable log files
James Troup
james.troup at canonical.com
Thu Sep 1 21:03:23 UTC 2011
Public bug reported:
update-manager puts passwords to private PPA in world readable log
files, c.f.
| sdfsdsd@tuna:~$ grep -r private-ppa /var/log/dist-upgrade/20110901-1642/
| /var/log/dist-upgrade/20110901-1642/main.log:2011-09-01 16:35:03,768 DEBUG examining: 'deb https://elmo:XXXXXXXXXXXXXXXXXX@private-ppa.launchpad.net/commercial-ppa-uploaders/braid/ubuntu natty main #Added by software-center'
| /var/log/dist-upgrade/20110901-1642/main.log:2011-09-01 16:35:03,771 DEBUG entry '# deb https://elmo:XXXXXXXXXXXXXXXXXX@private-ppa.launchpad.net/commercial-ppa-uploaders/braid/ubuntu oneiric main #Added by software-center disabled on upgrade to oneiric' was disabled (unknown mirror)
| sdfsdsd@tuna:~$ groups
| sdfsdsd
| sdfsdsd@tuna:~$
Obviously, this is bad for any system that has more than one user.
** Affects: update-manager (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/839094