137510 – Horde database creation files are installed world-readable

Bug 137510 - Horde database creation files are installed world-readable

Summary: Horde database creation files are installed world-readable

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Default Configs (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-06-21 12:54 UTC by Sebastian Witt
Modified:	2006-06-21 17:50 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Witt 2006-06-21 12:54:55 UTC

When installing www-apps/horde-3.1.1  +mysql -vhosts
the database create scripts in htdocs/horde/scripts/sql are world readable (also via web).

When someone uses the install description in /usr/share/doc/horde-3.1.1/INSTALL.gz
section 6.

 vi create.mysql.sql
 mysql -u root -p < create.mysql.sql

and does not remove or modify permission of the create.mysql.sql file the password is visible.

The files should be installed with 600 (it seems the test.php is installed with 000 for security reasons also?).

Comment 1 SpanKY gentoo-dev

2006-06-21 17:50:47 UTC

updated 3.1.1-r1 to force 600 on scripts/sql/create.*.sql

cheers