Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 91432 - mysql my.cnf unsecure file permission
Summary: mysql my.cnf unsecure file permission
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Default Configs (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-05-04 06:55 UTC by Romang
Modified: 2005-05-04 23:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Romang 2005-05-04 06:55:09 UTC 
/etc/mysql/my.cnf is world readable

This file could contain the mysql password

[client]
#password       = my_password

If a user provide the password in this file instead of creating a /root/.my.cnf

everybody could have access to sensitive informations.

Regards.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Actual Results:  
my.cnf is world readable

Expected Results:  
my.cnf shouldn't be world readable
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-05-04 12:19:54 UTC 
we don't provide a password in there by default, and if a user did want to put one in /etc/mysql/my.cnf, it would be so that all clients on the system could access it getting the password automatically, hence no need for limited permissions.

I recommend security mark as WONTFIX - there is a lot more need to have the my.cnf world readable so that unprivileged clients can get the rest of their settings.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-04 23:16:39 UTC 
Closing as WONTFIX as requested by Robin. If anyone disagrees feel free to reopen.