Colin Watson wrote:
> Joey, what do you think of this? I'd rather not add a new database
> unilaterally.
I don't like special casing ucf in debconf. I suppose we could add a
Sensative: true field and filter questions with that set to a separate
database.
I think I prefer the approach of ucf ensur
On Wed, Jan 21, 2009 at 12:36:39AM -0600, Manoj Srivastava wrote:
> ucf has no way of knowing whether the data it is being asked to
> diff has passwords or other sensitive information; and since it is
> required by policy to use debconf for all user interaction, it _has_ to
> send the di
reassign 511893 debconf
thanks
Hi,
ucf has no way of knowing whether the data it is being asked to
diff has passwords or other sensitive information; and since it is
required by policy to use debconf for all user interaction, it _has_ to
send the diff through debconf.
As sugges
Processing commands for cont...@bugs.debian.org:
> reassign 511893 debconf
Bug#511893: ucf stores diff (of private files) in debconf (world readable)
Bug reassigned from package `ucf' to `debconf'.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Deb
Package: ucf
Version: 3.0011
Severity: grave
Tags: security
How to reproduce:
r...@vice:/tmp/ucftest# cat test1
password="secret";
user="root";
start="no";
foor="bar";
r...@vice:/tmp/ucftest#
Lets install it:
r...@vice:/tmp/ucftest# ucf test1 /tmp/ucftest/installed
Creating config file /tmp/uc
5 matches
Mail list logo
