Package: mysql-server-4.1 Version: 4.1.15-1 Severity: grave Tags: security Justification: user security hole
Hello, I just ran a query 'select into outfile' on a vanilla Sarge install as user root with umask 027. The MySQL server itself has umask 077 in it's start script. Nevertheless, the exported file ended up having mode 0666 instead of 0640 or 0600, as expected. I consider this a security hole because it allows not only unwarranted read access, but also undetectable modification of such an export file if this file is eg. created in /tmp. Workaround: Create a directory that allows only root and mysql access, and export to a file into this directory. Best, --Toni++ -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27-2-686-smp Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages mysql-server-4.1 depends on: ii adduser 3.85 Add and remove users and groups ii debconf [debconf 1.4.72 Debian configuration management sy ii libc6 2.3.6-5 GNU C Library: Shared libraries an ii libdbi-perl 1.50-2 Perl5 database interface by Tim Bu ii libgcc1 1:4.1.0-1 GCC support library ii libmysqlclient14 4.1.15-1 mysql database client library ii libncurses5 5.5-1 Shared libraries for terminal hand ii libreadline5 5.1-7 GNU readline and history libraries ii libstdc++6 4.1.0-1 The GNU Standard C++ Library v3 ii libwrap0 7.6.dbs-9 Wietse Venema's TCP wrappers libra ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent ii mysql-client-5.0 5.0.19-3 mysql database client binaries ii mysql-common 5.0.19-3 mysql database common files (e.g. ii passwd 1:4.0.15-2 change and administer password and ii perl 5.8.8-3 Larry Wall's Practical Extraction ii psmisc 22.2-1 Utilities that use the proc filesy ii zlib1g 1:1.2.3-11 compression library - runtime mysql-server-4.1 recommends no packages. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]