Mythbuntu Control Center MythWeb Password Blanks Out

Bug #201397 reported by ed3120 on 2008-03-12
262
Affects Status Importance Assigned to Milestone
Mythbuntu
Fix Released
High
Unassigned
mythtv (Ubuntu)
Undecided
Unassigned
ubiquity (Ubuntu)
Undecided
Mario Limonciello

Bug Description

There appears to be an issue with the MCC option to set a password for MythWeb. I changed my password the other day and apparently MCC blanked it out. As a result, my MythWeb was left passwordless and open to the public.

After noticing this, I immediately went to MCC to change the password, and rebooted. When it came back up, the password was blank again. I wanted to let you know this because there is a potential flaw in MCC that can open up anyone's machine to a hacking attack.

I'm running MythBuntu 8.04 Alpha 2, which was last updated over the weekend.

laga (laga) wrote :

I've just fixed this in mythplugins-fixes rev46. The regular expressions we use to modify that file needed some tweaking. Mario, maybe we should have a new upload pretty soon? This also needs to be pushed to gutsy-backports.

Changed in mythbuntu:
importance: Undecided → High
status: New → Confirmed
Changed in mythtv:
status: New → Confirmed

Does ubiquity also need this?

On Tue, Mar 18, 2008 at 2:55 PM, laga <email address hidden> wrote:

> I've just fixed this in mythplugins-fixes rev46. The regular expressions
> we use to modify that file needed some tweaking. Mario, maybe we should
> have a new upload pretty soon? This also needs to be pushed to gutsy-
> backports.
>
> ** Changed in: mythbuntu
> Importance: Undecided => High
> Status: New => Confirmed
>
> ** Also affects: mythtv (Ubuntu)
> Importance: Undecided
> Status: New
>
> ** Changed in: mythtv (Ubuntu)
> Status: New => Confirmed
>
> --
> Mythbuntu Control Center MythWeb Password Blanks Out
> https://bugs.launchpad.net/bugs/201397
> You received this bug notification because you are a member of
> Mythbuntu, which is a direct subscriber.
>

--
Mario Limonciello
<email address hidden>

laga (laga) wrote :

Mario Limonciello wrote:
>
> On Tue, Mar 18, 2008 at 2:55 PM, laga <email address hidden> wrote:
>
>
>> I've just fixed this in mythplugins-fixes rev46. The regular expressions
>> we use to modify that file needed some tweaking. Mario, maybe we should
>> have a new upload pretty soon? This also needs to be pushed to gutsy-
>> backports.
>>
>> ** Changed in: mythbuntu
>> Importance: Undecided => High
>> Status: New => Confirmed
>>
>> ** Also affects: mythtv (Ubuntu)
>> Importance: Undecided
>> Status: New
>>
>> ** Changed in: mythtv (Ubuntu)
>> Status: New => Confirmed
>>
>> --
>> Mythbuntu Control Center MythWeb Password Blanks Out
>> https://bugs.launchpad.net/bugs/201397
>> You received this bug notification because you are a member of
>> Mythbuntu, which is a direct subscriber.
>>
>>
>
>
> Does ubiquity also need this?
>
Does ubiquity just use mythweb.postinst or does it have a copy of that code?

Mario Limonciello (superm1) wrote :

laga wrote:
> Mario Limonciello wrote:
>> On Tue, Mar 18, 2008 at 2:55 PM, laga <email address hidden> wrote:
>>
>>
>>> I've just fixed this in mythplugins-fixes rev46. The regular expressions
>>> we use to modify that file needed some tweaking. Mario, maybe we should
>>> have a new upload pretty soon? This also needs to be pushed to gutsy-
>>> backports.
>>>
>>> ** Changed in: mythbuntu
>>> Importance: Undecided => High
>>> Status: New => Confirmed
>>>
>>> ** Also affects: mythtv (Ubuntu)
>>> Importance: Undecided
>>> Status: New
>>>
>>> ** Changed in: mythtv (Ubuntu)
>>> Status: New => Confirmed
>>>
>>> --
>>> Mythbuntu Control Center MythWeb Password Blanks Out
>>> https://bugs.launchpad.net/bugs/201397
>>> You received this bug notification because you are a member of
>>> Mythbuntu, which is a direct subscriber.
>>>
>>>
>>
>> Does ubiquity also need this?
>>
> Does ubiquity just use mythweb.postinst or does it have a copy of that code?
>
Copy of the code right now.

--
Mario Limonciello
<email address hidden>

laga (laga) wrote :

Mario,

we should change ubiquity to use debconf and the maintainer scripts - or is that unfeasible for some reason?

laga (laga) wrote :

This problem is actually not in mythtv, it's in mythplugins. It was fixed there in the latest upload, 0.21.0-0ubuntu3.

Changed in mythtv:
status: Confirmed → Fix Released
Mario Limonciello (superm1) wrote :

I had trouble when I tried that with ubiquity complaining about
already running debconf frontend.

It has been some time since I tried though, so maybe sometime this
weekend can give it another shot.

Mario Limonciello
<email address hidden>
Sent from my iPod Touch

On Mar 20, 2008, at 8:43, laga <email address hidden> wrote:

> Mario,
>
> we should change ubiquity to use debconf and the maintainer scripts
> - or
> is that unfeasible for some reason?
>
> ** Visibility changed to: Public
>
> --
> Mythbuntu Control Center MythWeb Password Blanks Out
> https://bugs.launchpad.net/bugs/201397
> You received this bug notification because you are a member of
> Mythbuntu, which is a direct subscriber.

laga (laga) wrote :

Mario, can you fix this in ubiquity (if necessary)?

Changed in ubiquity:
assignee: nobody → superm1
Mario Limonciello (superm1) wrote :

this fix will be included in ubiquity 1.11.4

Changed in ubiquity:
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubiquity - 1.11.4

---------------
ubiquity (1.11.4) jaunty; urgency=low

  [ Mario Limonciello ]
  * Mythbuntu specific changes:
    - Don't reinvent the square with autologin. It's provided
      by user-setup, so use it there.
    - Eliminate mythbuntu_summary.py, and instead merge it into
      mythbuntu_install.py
    - Change definition overrides in mythbuntu_install.py so run() can
      be used from install.py without code duplication in mythbuntu_install.py.
      (LP: #178987), (LP: #201397), (LP: #293268)
    - Change function overrides in mythbuntu_ui.py. There should be no
      full definition code duplication anymore.
  * GTK specific changes:
    - Move declaration of self.pages into __init__ instead so that it can
      more easily overridden outside of run().
  * Automatic update of included source packages: apt-setup
    1:0.37ubuntu9.

 -- Mario Limonciello <email address hidden> Mon, 19 Jan 2009 08:28:50 -0600

Changed in ubiquity:
status: Fix Committed → Fix Released
Thomas Mashos (tgm4883) on 2009-04-07
Changed in mythbuntu:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers