[Commits] fdce930: MDEV-9081 - Debian: insecure debian-sys-maint password handling

Sergey Vojtovich svoj at mariadb.org
Tue Dec 22 11:14:57 EET 2015


revision-id: fdce930ac6de9edfd53b851b542a4d07a95b3139 (mariadb-10.1.9-25-gfdce930)
parent(s): 370ab48e9fcf4bc15ffa5e313fc34aa97981a832
committer: Sergey Vojtovich
timestamp: 2015-12-22 13:13:12 +0400
message:

MDEV-9081 - Debian: insecure debian-sys-maint password handling

Set umask so that the newly created file is not readable by others. This is a quick
fix to close the security gap. To be replaced by MDEV-8375 - passwordless root
login.

---
 debian/mariadb-server-10.1.postinst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debian/mariadb-server-10.1.postinst b/debian/mariadb-server-10.1.postinst
index 0f35802..63b7c0c 100644
--- a/debian/mariadb-server-10.1.postinst
+++ b/debian/mariadb-server-10.1.postinst
@@ -157,7 +157,9 @@ EOF
     else
 	pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
         if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
+        umask 066
         cat /dev/null > $dc
+        umask 022
         echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
         echo "[client]"                                                    >>$dc
         echo "host     = localhost"                                        >>$dc
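
Review bot: the `umask 066` placed before `cat /dev/null > $dc` only takes effect when the redirection creates the file; if `$dc` already exists with a wider mode, the truncate keeps that mode and the lines appended afterwards land in a file others can still read. Nothing in the visible context tightens an existing file, so consider an explicit `chmod 0600 $dc` right after the truncate, or confirm that one runs before the password is written. Restoring with a hard-coded `umask 022` also overrides whatever umask the script was running under; saving it first (`old_umask=$(umask)`) and restoring that value would be safer. A short comment on why the umask is narrowed here would help, since the commit message describes this as a stopgap until MDEV-8375.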

