[SCM] mediatomb/master: Disabled User-Interface by default (Closes #580120, #778669)

umlaeute at users.alioth.debian.org umlaeute at users.alioth.debian.org
Tue Jun 30 20:35:09 UTC 2015 

The following commit has been merged in the master branch:
commit a8038493cc4df1a4a432252cf9762d3a6c8e8f79
Author: IOhannes m zmölnig <zmoelnig at umlautQ.umlaeute.mur.at>
Date:   Tue Jun 30 22:18:04 2015 +0200

    Disabled User-Interface by default (Closes #580120, #778669)
    
    and add note to README.Debian (mediatomb-daemon) on how to enable it.
    
    This is a backport of the original fix in mediatomb/0.12.0~svn2018-6.1, which
    was lost after a re-upload of the package.

diff --git a/debian/config.xml b/debian/config.xml
index 63f50ab..a998cf8 100644
--- a/debian/config.xml
+++ b/debian/config.xml
@@ -5,7 +5,7 @@
      information on creating and using config.xml configration files.
     -->
   <server>
-    <ui enabled="yes" show-tooltips="yes">
+    <ui enabled="no" show-tooltips="yes">
       <accounts enabled="no" session-timeout="30">
         <account user="mediatomb" password="mediatomb"/>
       </accounts>
@@ -154,4 +154,4 @@
       </profile>
     </profiles>
   </transcoding>
-</config>
\ No newline at end of file
+</config>
diff --git a/debian/mediatomb-daemon.README.Debian b/debian/mediatomb-daemon.README.Debian
index 0b65c78..a3cf3f2 100644
--- a/debian/mediatomb-daemon.README.Debian
+++ b/debian/mediatomb-daemon.README.Debian
@@ -1,3 +1,24 @@
+Disabled User-Interface
+--------------------------------------------------------------------------
+For security reasons, the Debian package has disabled the user-interface
+by default, as having the interface enabled, would allow anyone in the
+same network as your mediatomb-daemon to access your filesystem (as user
+'mediatomb') without any authentication.
+Note that the 'mediatomb' user does not have excessive permissions (but
+arguably more than any random person who can connect to your network should
+have).
+For a discussion of this issue, see Debian bugs #580120 & #778669.
+To enable the user-interface, edit /etc/mediatomb/config.xml and change the
+line containing
+    <ui enabled="no" ...
+to
+    <ui enabled="yes" ...
+If you do that, you should make sure to protect your data otherwise (e.g. by
+enabling user accounts, making sure that the daemon only listens on 127.0.0.1
+and so on).
+--------------------------------------------------------------------------
+
+
 Upgrading to mediatomb_0.12.0~svn2018-1
 --------------------------------------------------------------------------
 If you are upgrading mediatomb-daemon to the Debian package version

-- 
MediaTomb packaging

More information about the pkg-multimedia-commits mailing list