Hello, On Sun, Mar 20, 2005 at 03:15:24PM +0100, Rolf Leggewie wrote: > Package: mldonkey-server > Version: 2.5.28-2 > Severity: grave > Tags: security > Justification: user security hole > > Sylvain, > > thank you for your work to package mldonkey-server. downloads.ini is created > with permissions for the group users to write the file > and thus change the admin password, this should not be the case. > Furthermore, the file is world-readable which IMHO should not be > allowed either. > > Best > > Rolf >
Ok, well, i will try to fix this permission problem. Regard Sylvain Le Gall -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
