Public bug reported: update-manager puts passwords to private PPA in world readable log files, c.f.
| sdfsdsd@tuna:~$ grep -r private-ppa /var/log/dist-upgrade/20110901-1642/ | /var/log/dist-upgrade/20110901-1642/main.log:2011-09-01 16:35:03,768 DEBUG examining: 'deb https://elmo:[email protected]/commercial-ppa-uploaders/braid/ubuntu natty main #Added by software-center' | /var/log/dist-upgrade/20110901-1642/main.log:2011-09-01 16:35:03,771 DEBUG entry '# deb https://elmo:[email protected]/commercial-ppa-uploaders/braid/ubuntu oneiric main #Added by software-center disabled on upgrade to oneiric' was disabled (unknown mirror) | sdfsdsd@tuna:~$ groups | sdfsdsd | sdfsdsd@tuna:~$ Obviously, this is bad for any system that has more than one user. ** Affects: update-manager (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/839094 Title: update-manager leaks passwords to private PPAs in world readable log files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/839094/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
