
Re: Security problem with slapd/slurpd?



Hi Massimiliano, Matt, 

On Thu, Oct 17, 2002 at 11:15:31AM -0400, Matt Zimmerman wrote:
> > When slapd (LDAP server daemon) is configured to replicate itself to
> > another server, on each addition/modification to the directory it will
> > store the changes to be replicated in /var/lib/ldap/replog.  This
> > directory is world readable and entries like userPassword will be visible
> > (although on sensible setups they will already be hashed to MD5 or SHA).
> > slurpd will then pick the changes up, push them to the slave directory,
> > and store them in /var/spool/slurpd/replica/slurpd.replog, which is a
> > complete log of changes applied by slurpd and is world readable as well.
> > 
> > Am I missing something or should a bug be filed?
> 
> It sounds like a bug, but if you are unsure you should contact the
> maintainer of the slapd package (CC'd), who is more capable of answering
> authoritatively than the debian-security mailing list.

This is in fact a fault in the Debian packaging. The upstream creates the
directories with proper permissions. I'll try to do an upload to fix that
today. Problem is - what do we do about stable? Shall I prepare an upload
for that or is the security team taking care of it?

Greetings

	Torsten
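
A defender's check for the condition described in the thread, as an added example that is not code from the thread or from the slapd package: it audits the two replog locations named above for world-readable permissions and tightens them, using a constructed temporary directory in place of the real paths so it runs without slapd installed.

```shell
# Added example; not code from the thread or the slapd/slurpd packages.
# Assumes a POSIX shell with ls, cut, chmod and mktemp available.

# world_readable PATH : succeeds (exit 0) when "other" has read permission
world_readable() {
    [ -e "$1" ] || return 2
    # 8th character of 'ls -ld' output is the other-read bit ('r' or '-')
    [ "$(ls -ld "$1" | cut -c8)" = r ]
}

# audit_replog PATH... : prints one line per world-readable path
audit_replog() {
    for p in "$@"; do
        if world_readable "$p"; then
            echo "WORLD-READABLE: $p"
        fi
    done
    return 0
}

# harden_replog PATH... : owner-only access (0700 for dirs, 0600 for files),
# matching what a replication log holding userPassword changes needs
harden_replog() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        if [ -d "$p" ]; then chmod 700 "$p"; else chmod 600 "$p"; fi
    done
}

# demo_sandbox : constructed copy of the two locations from the thread,
# deliberately left world-readable to reproduce the reported state
demo_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/var/lib/ldap/replog" "$root/var/spool/slurpd/replica"
    : > "$root/var/spool/slurpd/replica/slurpd.replog"
    chmod 755 "$root/var/lib/ldap/replog"
    chmod 644 "$root/var/spool/slurpd/replica/slurpd.replog"
    echo "$root"
}
```

On a real host, run `audit_replog /var/lib/ldap/replog /var/spool/slurpd/replica/slurpd.replog` before and after applying the fixed package to confirm the directories are no longer readable by other users.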
