Re-merging or upgrading net-p2p/mhxd will overwrite the entire installation. This includes any news that has been posted and the default account entries of guest and admin. This means that the admin password is reset to null allowing anyone to access the server as administrator! Reproducible: Always Steps to Reproduce: 1. merge and setup mhxd 2. re-merge mhxd 3. login as admin with no password even though one was set in step 1. Actual Results: The admin password is replaced with null and full access is given to anyone that tries it. Expected Results: The ebuild should not overwrite such files or it should use config-protect to protect them. This is a potential security problem since the admin password is being reset to a null but all published files are still accessible. Someone could easily wipe out all files on a server before the admin notices that the password protection has been removed.
Guillaume please advise
Kang / net-p2p: please fix ebuild or comment...
mhxd will be removed from portage as it is not supported anymore upstream replacement ebuild will be phxd (http://avaraline.net/~cvs/cgi/viewcvs.cgi/phxd/) It provides the same functionality. please add: CONFIG_PROTECT="/var/mhxd/accounts" and whichever necessary to /etc/env.d/99local and run "env-update;source /etc/profile" warning added to the ebuild (as anyway its going away)
Guillaume: care to mask the package until it's migrated to phxd ?
done
Out of main scope until removal
net-p2p any news on this one?
Punted