Bug#601489: didiwiki: service exposed RW to the world upon installation

Tue, 26 Oct 2010 10:09:20 -0700 

Package: didiwiki
Version: 0.5-9
Severity: important

Problem:
Installation of didiwiki launches the service on 0.0.0.0:8000,
which means that the whole Internet has RW access to it.

Solution:
Replace the package /etc/init.d/didiwiki file by the appended
(which adds the option --listen=127.0.0.1 to didiwiki commands).


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages didiwiki depends on:
ii  adduser                3.112             add and remove users and groups
ii libc6 2.11.2-6+squeeze1 Embedded GNU C Library: Shared lib 

didiwiki recommends no packages.

didiwiki suggests no packages.

-- Configuration Files:
/etc/init.d/didiwiki changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/didiwiki
NAME=didiwiki
DESC=didiwiki
test -x $DAEMON || exit 0
if [ -f /etc/default/didiwiki ] ; then
        . /etc/default/didiwiki
fi
set -e
check_enable_daemon_option() {
    if [ ! "$ENABLE_DAEMON" = "yes" ]; then
        echo "Not starting didiwiki, disabled via /etc/default/didiwiki"
        return 1
    else
        return 0
    fi
}
case "$1" in
  start)
  if check_enable_daemon_option; then
        echo -n "Starting $DESC: "
        start-stop-daemon --start -b -m -c didiwiki --quiet --pidfile \
            /var/run/$NAME.pid --exec $DAEMON --                      \
            --home=/var/lib/didiwiki --listen=127.0.0.1
        echo "$NAME."
  else
      RET=1
  fi
        ;;
  stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet -m -o --pidfile /var/run/$NAME.pid \
                --exec $DAEMON
        echo "$NAME."
        ;;
  restart|force-reload)
        #
        #       If the "reload" option is implemented, move the "force-reload"
        #       option to the "reload" entry above. If not, "force-reload" is
        #       just the same as "restart".
        #
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop -m -o --quiet --pidfile \
                /var/run/$NAME.pid --exec $DAEMON
        sleep 1
        if check_enable_daemon_option; then
            start-stop-daemon --start -b -m -c didiwiki --quiet --pidfile \
                /var/run/$NAME.pid --exec $DAEMON --                      \
                --home=/var/lib/didiwiki --listen=127.0.0.1
            echo "$NAME."
        else
            RET=1
        fi
        ;;
  *)
        N=/etc/init.d/$NAME
        # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac
exit 0


-- no debconf information



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to