Noticed on an installation that 'index.dat' of the cache directory has 'other' permissions of read & write enabled. Hence a quick 'strings index.dat' exposes repository user-id's and passwords. Easily fixed via 'chmod o-rw index.dat'.
Logged In: NO
Just noticed that if you update the repository list then 'index.dat' gets other+rw again!
Log in to post a comment.
Logged In: NO
Just noticed that if you update the repository list then 'index.dat' gets other+rw again!