Your message dated Wed, 08 Nov 2006 22:22:36 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#281467: libapache2-mod-python: mod_python sessions store
file is world readable
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libapache2-mod-python
Version: 3.1.3-2.2
Severity: normal
Mod_python session management uses a DBM file to store the session data
on disk. By default that file is created in /tmp with world readable
permissions (/tmp/mp_sess.dbm). This has obvious security implications:
anyone with access to the web server's /tmp can read possibly sensitive
session information or even hijack sessions.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=C, LC_CTYPE=C
Versions of packages libapache2-mod-python depends on:
ii libapache2-mod-python2.3 3.1.3-2.2 An Apache 2 module that embeds Pyt
ii python 2.3.4-4 An interactive high-level object-o
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 3.2.10-2
I'm closing this bug since it seems to be solved in the current
packages.
--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
signature.asc
Description: This is a digitally signed message part
--- End Message ---
