Hello

On 2006-04-07 Toni Mueller wrote:
> I just ran a query 'select into outfile' on a vanilla Sarge install as
> user root with umask 027. The MySQL server itself has umask 077 in its
> start script. Nevertheless, the exported file ended up having mode 0666
> instead of 0640 or 0600, as expected. I consider this a security hole
> because it allows not only unwarranted read access, but also
> undetectable modification of such an export file if this file is e.g.
> created in /tmp.

IIRC this is documented exactly this way. mysql currently only writes with mode
0666 and only in world-writable directories (so that nobody expects
security). Reason was that mysql writes as system user mysql but wants the
unprivileged normal system user who runs "/usr/bin/mysql" to be able to "use"
these files then.

So it seems to me that this is not a bug.

It might be improvable design but you should write proposals to
http://bugs.mysql.com/ then.

bye,

-christian-
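
Added example, not part of the original message or of MySQL: a small shell check for the situation discussed above, where an export lands with mode 0666 in a shared directory. The function names and the sample file are constructed for illustration; it lists world-writable regular files in a directory and takes a private 0600 copy of one.

```shell
#!/bin/sh
# Hypothetical helper names; nothing here is MySQL's own tooling.

# Print regular files directly inside DIR that have the "other write" bit
# set, which is how a 0666 SELECT ... INTO OUTFILE export shows up.
list_world_writable() {
    find "$1" -maxdepth 1 -type f -perm -0002 -print
}

# Copy an export into a private directory. Run under umask 077 so the
# directory is created 0700 and the copy 0600, whatever the caller's umask.
# Symlinks and non-regular files are refused, since in a shared directory
# another user may have planted one under the expected name.
take_private_copy() {
    src=$1
    destdir=$2
    [ -f "$src" ] && [ ! -L "$src" ] || return 1
    (
        umask 077
        mkdir -p "$destdir" &&
        cp -- "$src" "$destdir/$(basename -- "$src")"
    )
}

# Constructed demo: a stand-in for an export file, made 0666 by hand.
demo=$(mktemp -d)
printf 'id,name\n1,alice\n' > "$demo/export.txt"
chmod 0666 "$demo/export.txt"
list_world_writable "$demo"
take_private_copy "$demo/export.txt" "$demo/private"
rm -rf "$demo"
```

A private copy only protects the data from the moment it is taken; anything that changed the 0666 file before that point is carried over.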

