[Bug 826672] [NEW] /tmp debug file sillyness
Public bug reported: dhcp3 (also known as isc-dhcp) when you enable 'debug' (set RUN="yes") in the /etc/dhcp/dhclient-enter-hooks.d/debug file blindly appends data to whatever is at /tmp/dhclient-script.debug ... this seems rather silly. ** Affects: dhcp3 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/826672 Title: /tmp debug file sillyness To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/826672/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 826672] Re: /tmp debug file sillyness
Well the bug is that on systems which do not run with the YAMA kernel patch(i.e. most non-ubuntu systems) the use of the debug file in the /tmp directory could result in extra unwanted data being appended to $random file(if /tmp/dhclient-script.debug is actually a symbolic link). IMHO recording the debug output to syslog would be a better idea. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/826672 Title: /tmp debug file sillyness To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/826672/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858883] Re: "Management Parameters" (for example a system) which can be set in the web interface can result in arbitrary code execution on the host due to the use of yaml.loads instead of yaml.sa
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858883 Title: "Management Parameters" (for example a system) which can be set in the web interface can result in arbitrary code execution on the host due to the use of yaml.loads instead of yaml.safe_loads in item.py on line 248: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858875] Re: a some what odd configuration in cobbler.wsgi
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858875 Title: a some what odd configuration in cobbler.wsgi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858875/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858878] Re: lack of csrf protection in cobbler-web
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858878 Title: lack of csrf protection in cobbler-web To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858878/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858867] Re: XMLRPC allows unauthed users access to various methods (which it shouldn't)
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858867 Title: XMLRPC allows unauthed users access to various methods (which it shouldn't) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858867/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858860] Re: weak default configured permissions on /etc/cobbler/users.digest
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858860 Title: weak default configured permissions on /etc/cobbler/users.digest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858860/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 858867] Re: XMLRPC allows unauthed users access to various methods (which it shouldn't)
Right - well the impact / if this is even a security "bug" is going to be up to the user. Personally, I don't see why the methods are exposed without good reason - is it a requirement that they are exposed? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cobbler in Ubuntu. https://bugs.launchpad.net/bugs/858867 Title: XMLRPC allows unauthed users access to various methods (which it shouldn't) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858867/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
