[MIR] ajaxterm
Bug #795159 reported by
Chuck Short
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ajaxterm (Ubuntu) |
Fix Released
|
Undecided
|
C de-Avillez |
Bug Description
Binary package hint: ajaxterm
Availability: Currently in universe
Rationale: Dependency for nova, apart of the server-o-cobbler specification in order to get
nova, glance, and swift into main.
Security: Security history, CVE-2009-1629 fixed in oneoric.
Quality Assurance: Package works out of the box with no prompting. There is usablity bugs both in Debian and Ubuntu
Standards Compliance: FHS and Debian Policy compliant.
Maintenance: Simple python package that the Ubuntu Server Team will take care of.
Dependencies: All are in main except python-pysco which appears to be a pure virtual package.
Related branches
lp:~hggdh2/ubuntu/oneiric/ajaxterm/bug795159
- Kees Cook: Approve
-
Diff: 85 lines (+42/-2)5 files modifieddebian/changelog (+10/-0)
debian/control (+2/-1)
debian/patches/93_bug795159.diff (+18/-0)
debian/patches/series (+1/-0)
debian/rules (+11/-1)
Changed in ajaxterm (Ubuntu): | |
assignee: | nobody → Michael Terry (mterry) |
Changed in ajaxterm (Ubuntu): | |
assignee: | Michael Terry (mterry) → Kees Cook (kees) |
tags: | added: server-o-mir |
To post a comment you must log in.
The defaults are to use ssh to localhost host, and to only listen for connections on localhost. Using this without encryption would be considered a critical security issue, as it would expose the entire underlying SSH connection. As long as ajaxterm is never used in this way, I'm fine with including it.
Can you eliminate "usr/share/python" and it's entire tree? It doesn't seem to be needed. Additionally, can you see why the sys.path is adjusted at the start of ajaxterm.py itself? I don't think that should be needed and might be dangerous depending on how it is called.