Opened 12 years ago

Closed 12 years ago

#1309 closed Bug (fixed)

Web/RPC interface ACL ignored

Reported by: naddy Owned by: charles
Priority: Normal Milestone: 1.40
Component: libtransmission Version: 1.34
Severity: Major Keywords:
Cc:

Description

Both the 1.34 GTK+ client and the daemon appear to ignore the access control list for the web/rpc interface. I'm running with the default here, a single ACL entry "127.0.0.1 Allow", but the web/rpc interface accepts accesses from any address.

This is on OpenBSD, can anybody reproduce on other platforms?

Change History (3)

comment:1 Changed 12 years ago by priteau

I can reproduce this on Mac OS X 10.5.5 with Transmission 1.34 (6770), but actually the ACL is not ignored : if I add an IP with a Deny permission, access is indeed denied from this IP. I think the problem is that the default for unmatched IPs is Allow. This seems wrong. It should be configurable.

comment:2 Changed 12 years ago by charles

  • Milestone changed from None Set to 1.40
  • Severity changed from Normal to Major
  • Status changed from new to assigned

comment:3 Changed 12 years ago by charles

  • Resolution set to fixed
  • Status changed from assigned to closed

fixed in r6823

Note: See TracTickets for help on using tickets.