The defaults are to use ssh to localhost host, and to only listen for
connections on localhost. Using this without encryption would be
considered a critical security issue, as it would expose the entire
underlying SSH connection. As long as ajaxterm is never used in this
way, I'm fine with including it.
Can you eliminate "usr/share/python" and it's entire tree? It doesn't
seem to be needed. Additionally, can you see why the sys.path is
adjusted at the start of ajaxterm.py itself? I don't think that should
be needed and might be dangerous depending on how it is called.
** Changed in: ajaxterm (Ubuntu)
Assignee: Kees Cook (kees) => (unassigned)
** Changed in: ajaxterm (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795159
Title:
[MIR] ajaxterm
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ajaxterm/+bug/795159/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
