diff options
| author | Sergey Vojtovich <svoj@mariadb.org> | 2015-12-21 14:40:41 +0400 |
|---|---|---|
| committer | Sergey Vojtovich <svoj@mariadb.org> | 2015-12-22 19:13:51 +0400 |
| commit | 87e6873ce91831c247331a8964c3267952efe95a (patch) | |
| tree | e31c3a15e1008e79ae535b3f54f5b8ebdf246c85 /debian | |
| parent | c597ed01112c2f6549c59e6548d4ff53803487df (diff) | |
| download | mariadb-git-87e6873ce91831c247331a8964c3267952efe95a.tar.gz | |
MDEV-9081 - Debian: insecure debian-sys-maint password handling
Set umask so that newly created file is not readable by others. This is a quick
fix to close security gap. To be replaced by MDEV-8375 - passwordless root
login.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/mariadb-server-10.1.postinst | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/debian/mariadb-server-10.1.postinst b/debian/mariadb-server-10.1.postinst index 0f35802a884..63b7c0c0be2 100644 --- a/debian/mariadb-server-10.1.postinst +++ b/debian/mariadb-server-10.1.postinst @@ -157,7 +157,9 @@ EOF else pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`; if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi + umask 066 cat /dev/null > $dc + umask 022 echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc echo "[client]" >>$dc echo "host = localhost" >>$dc |