Hi ! The 1st thing I would suggest would be to restrict the rights on the CGI, to make sure the hole cannot be exploited by any user:
chgrp www-data /usr/share/backuppc/cgi-bin/index.cgi chmod 4750 /usr/share/backuppc/cgi-bin/index.cgi I'm talking to the upstream author to find a way to close the hole. Regards, -- Ludovic -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org