[Bug 826672] [NEW] /tmp debug file sillyness

2011-08-15 Thread daveb
Public bug reported:

dhcp3 (also known as isc-dhcp) when you enable 'debug' (set RUN="yes") in the /etc/dhcp/dhclient-enter-hooks.d/debug file blindly appends data to whatever is at /tmp/dhclient-script.debug ... this seems rather silly.

** Affects: dhcp3 (Ubuntu) Importance: Undecided

[Bug 826672] Re: /tmp debug file sillyness

2011-08-16 Thread daveb
Well the bug is that on systems which do not run with the YAMA kernel patch (i.e. most non-Ubuntu systems) the use of the debug file in the /tmp directory could result in extra unwanted data being appended to $random file (if /tmp/dhclient-script.debug is actually a symbolic link). IMHO recording th

[Bug 858883] Re: "Management Parameters" (for example a system) which can be set in the web interface can result in arbitrary code execution on the host due to the use of yaml.loads instead of yaml.sa

2011-09-28 Thread daveb
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858883 Title: "Management Parameters" (for example a system) which can be set in the web interface

[Bug 858875] Re: a some what odd configuration in cobbler.wsgi

2011-09-28 Thread daveb
** Visibility changed to: Public
https://bugs.launchpad.net/bugs/858875

[Bug 858878] Re: lack of csrf protection in cobbler-web

2011-09-28 Thread daveb
** Visibility changed to: Public
https://bugs.launchpad.net/bugs/858878

[Bug 858867] Re: XMLRPC allows unauthed users access to various methods (which it shouldn't)

2011-09-28 Thread daveb
** Visibility changed to: Public
https://bugs.launchpad.net/bugs/858867

[Bug 858860] Re: weak default configured permissions on /etc/cobbler/users.digest

2011-09-28 Thread daveb
** Visibility changed to: Public
https://bugs.launchpad.net/bugs/858860

[Bug 858867] Re: XMLRPC allows unauthed users access to various methods (which it shouldn't)

2011-10-10 Thread daveb
Right - well the impact / if this is even a security "bug" is going to be up to the user. Personally, I don't see why the methods are exposed without good reason - is it a requirement that they are exposed?