Bug#246093: Samba passwords are shown in plain text
Steve Langasek
Steve Langasek <vorlon@debian.org>, 246093@bugs.debian.org
Tue, 8 Jun 2004 20:37:38 -0500
--jL2BoiuKMElzg3CS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
severity 246093 important
thanks
Your typing of passwords that you don't want people to know into a tool
that uses those passwords to proxy connections on behalf of other users,=20
and makes those passwords available to other administrators for editing,
is not a security bug. If you have managed to create a root security
hole for yourself by using root passwords to administer servers, this is
a problem with your local security practices, not with this package.
There may or may not be improvements that can be made to the password
handling of this application -- though a certain amount of risk is
inherent to the tool and the use of SMB print servers -- so I'm leaving
this bug open for further comment, but it's definitely not RC.
--=20
Steve Langasek
postmodern programmer
--jL2BoiuKMElzg3CS
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAxmniKN6ufymYLloRAgBlAKDU9H1TywCAZIGsUx/X65ZlZydIewCfU4D1
9NvisLBHbK9zT15i7D03UKo=
=nLqt
-----END PGP SIGNATURE-----
--jL2BoiuKMElzg3CS--