Message-Id: <email address hidden>
Date: Tue, 15 Feb 2005 11:53:16 +0100
From: Rolf Leggewie <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: reportbug: config files are world readable
Package: reportbug
Version: 3.2
Severity: grave
Justification: user security hole
The conf files for reportbug are created world-readable. For users of
smart-hosts this represents a security hole since it exposes their
passwords on that host for any local user to pick up. Heck, reportbug
even included that information in this bug report before I deleted it.
-- Package-specific info:
** /home/leggewie/.reportbugrc:
reportbug_version "3.2"
mode standard
ui text
realname "Rolf Leggewie"
email "<email address hidden>"
smtphost "postman.arcor.de"
Message-Id: <email address hidden>
Date: Tue, 15 Feb 2005 11:53:16 +0100
From: Rolf Leggewie <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: reportbug: config files are world readable
Package: reportbug
Version: 3.2
Severity: grave
Justification: user security hole
The conf files for reportbug are created world-readable. For users of
smart-hosts this represents a security hole since it exposes their
passwords on that host for any local user to pick up. Heck, reportbug
even included that information in this bug report before I deleted it.
-- Package-specific info: .reportbugrc:
** /home/leggewie/
reportbug_version "3.2"
mode standard
ui text
realname "Rolf Leggewie"
email "<email address hidden>"
smtphost "postman.arcor.de"
-- System Information: ANSI_X3. 4-1968)
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-586tsc
Locale: LANG=C, LC_CTYPE=C (charmap=
Versions of packages reportbug depends on:
ii python2.3 2.3.4-19 An interactive high-level object-o
-- no debconf information