Comment 4 for bug 222558
Revision history for this message
| Henning Holtschneider (henning-loca) wrote | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
I'm sorry I did not respond to this bug earlier. I missed Chuck's reply in April. Kern is absolutely right, this is a packaging problem inherited from Debian.
I didn't want to make the problem bigger than it acutally is. People who are using Bacula should be aware of the fact that the software uses a shared secret to communicate between the different components of the software package. But Joe Average who runs Bacula with the default settings coming from the .deb package will find himself left with a shared secret common to all Ubuntu Bacula installations and there are no indications whatsoever in the READMEs or in the configuration files which indicate this weakness.
Depending on your point of view, you might consider this a serious security issue.