
Bug 91432

Summary: mysql my.cnf unsecure file permission
Product: Gentoo Security
Reporter: Romang <zataz>
Component: Default Configs
Assignee: Gentoo Security <security>
Status: RESOLVED WONTFIX
Severity: normal
CC: mysql-bugs
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Romang 2005-05-04 06:55:09 UTC
/etc/mysql/my.cnf is world readable

This file could contain the mysql password

[client]
#password       = my_password

If a user provides the password in this file instead of creating a /root/.my.cnf, everybody could have access to sensitive information.

Regards.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Actual Results:  
my.cnf is world readable

Expected Results:  
my.cnf shouldn't be world readable
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-05-04 12:19:54 UTC
We don't provide a password in there by default, and if a user did want to put one in /etc/mysql/my.cnf, it would be so that all clients on the system could access it, getting the password automatically, hence no need for limited permissions.

I recommend security mark as WONTFIX - there is a lot more need to have the my.cnf world readable so that unprivileged clients can get the rest of their settings.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-04 23:16:39 UTC
Closing as WONTFIX as requested by Robin. If anyone disagrees, feel free to reopen.
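
The condition discussed in this bug, as an added example that is not part of the bug report or of Gentoo's packaging: a POSIX shell check that reports a MySQL option file only when it both carries an uncommented password line and is readable by all users. The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bug report): audit MySQL option files.
# A world-readable my.cnf with the password line commented out, as
# shipped by default, is reported OK; only an active password in a
# world-readable file is reported as FAIL.

# has_active_password FILE -> exit 0 if an uncommented "password" key exists.
# Lines starting with '#' or ';' are comments and cannot match the pattern.
has_active_password() {
    awk '
        /^[[:space:]]*password[[:space:]]*(=|$)/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# is_world_readable FILE -> exit 0 if the "other" read bit is set.
# find -perm -0004 tests the mode bits, so the result does not depend
# on which user runs the audit.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -0004)" ]
}

# audit_option_file FILE -> prints a verdict.
# Return codes: 0 = OK, 1 = password exposed, 2 = file skipped.
audit_option_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "SKIP  $f (not a regular file)"
        return 2
    fi
    if ! has_active_password "$f"; then
        echo "OK    $f (no active password line)"
        return 0
    fi
    if is_world_readable "$f"; then
        echo "FAIL  $f (active password line, file is world readable)"
        return 1
    fi
    echo "OK    $f (active password line, not world readable)"
    return 0
}

# Audit every path given on the command line, for example:
#   sh audit-mycnf.sh /etc/mysql/my.cnf /root/.my.cnf
for path in "$@"; do
    audit_option_file "$path" || true
done
```

A FAIL result can be cleared either by moving the password into a per-user file such as /root/.my.cnf with mode 600, or by leaving it in place when sharing it with every local client is intended, as described in comment 1.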