On 2/27/07, Lionel Porcheron <[EMAIL PROTECTED]> wrote:
The file which contains user passwords (/var/lib/ejabberd/passwd.DCD) is world 
readable and even if this file is a binary file, having a shell account on the 
ejabberd server permit to find password (passwords are clear in the file).

There is a bug in postinstall script. If directory /var/lib/ejabberd
does exist when ejabberd is being installed then its permissions
aren't overwritten.

As a workaround, simply change /var/lib/ejabberd permissions to 700.

Thanks for report!
--
Sergei Golovan


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to