[SCM] mediatomb/master: Disabled User-Interface by default (Closes #580120, #778669)
umlaeute at users.alioth.debian.org
umlaeute at users.alioth.debian.org
Tue Jun 30 20:35:09 UTC 2015
The following commit has been merged in the master branch:
commit a8038493cc4df1a4a432252cf9762d3a6c8e8f79
Author: IOhannes m zmölnig <zmoelnig at umlautQ.umlaeute.mur.at>
Date: Tue Jun 30 22:18:04 2015 +0200
Disabled User-Interface by default (Closes #580120, #778669)
and add note to README.Debian (mediatomb-daemon) on how to enable it.
This is a backport of the original fix in mediatomb/0.12.0~svn2018-6.1, which
was lost after a re-upload of the package.
diff --git a/debian/config.xml b/debian/config.xml
index 63f50ab..a998cf8 100644
--- a/debian/config.xml
+++ b/debian/config.xml
@@ -5,7 +5,7 @@
information on creating and using config.xml configration files.
-->
<server>
- <ui enabled="yes" show-tooltips="yes">
+ <ui enabled="no" show-tooltips="yes">
<accounts enabled="no" session-timeout="30">
<account user="mediatomb" password="mediatomb"/>
</accounts>
@@ -154,4 +154,4 @@
</profile>
</profiles>
</transcoding>
-</config>
\ No newline at end of file
+</config>
diff --git a/debian/mediatomb-daemon.README.Debian b/debian/mediatomb-daemon.README.Debian
index 0b65c78..a3cf3f2 100644
--- a/debian/mediatomb-daemon.README.Debian
+++ b/debian/mediatomb-daemon.README.Debian
@@ -1,3 +1,24 @@
+Disabled User-Interface
+--------------------------------------------------------------------------
+For security reasons, the Debian package has disabled the user-interface
+by default, as having the interface enabled, would allow anyone in the
+same network as your mediatomb-daemon to access your filesystem (as user
+'mediatomb') without any authentication.
+Note that the 'mediatomb' user does not have excessive permissions (but
+arguably more than any random person who can connect to your network should
+have).
+For a discussion of this issue, see Debian bugs #580120 & #778669.
+To enable the user-interface, edit /etc/mediatomb/config.xml and change the
+line containing
+ <ui enabled="no" ...
+to
+ <ui enabled="yes" ...
+If you do that, you should make sure to protect your data otherwise (e.g. by
+enabling user accounts, making sure that the daemon only listens on 127.0.0.1
+and so on).
+--------------------------------------------------------------------------
+
+
Upgrading to mediatomb_0.12.0~svn2018-1
--------------------------------------------------------------------------
If you are upgrading mediatomb-daemon to the Debian package version
--
MediaTomb packaging
More information about the pkg-multimedia-commits
mailing list