Actually, I just found this from the MediaTomb documentation at
http://mediatomb.cc/pages/documentation#id2856362:
"The server has an integrated filesystem browser, that means that anyone
who has access to the UI can browse your filesystem (with user
permissions under which the server is running) and also download your
data! If you want maximum security - disable the UI completely! Account
authentication offers simple protection that might hold back your kids,
but it is not secure enough for use in an untrusted environment! Note:
since the server is meant to be used in a home LAN environment the UI is
enabled by default and accounts are deactivated, thus allowing anyone on
your network to connect to the user interface."
I also confirmed the install behavior, which enables the UI by default
with no user accounts. This is wrong and should be fixed in the
packaging.
** Changed in: mediatomb (Ubuntu)
Status: Incomplete => Triaged
** Changed in: mediatomb (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
--
mediatomb allows anyone to browse and export the whole filesystem
https://bugs.launchpad.net/bugs/569763
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
