This bug was fixed in the package mysql-dfsg-5.1 - 5.1.43-1ubuntu2 --------------- mysql-dfsg-5.1 (5.1.43-1ubuntu2) maverick; urgency=low
[Marc Deslauriers] * debian/mysql-server-5.0.preinst: Set mysql user's home directory to /nonexistent to protect against having the /var/lib/mysql user-writeable. If an attacker can trick mysqld into creating dot files in the home directory, he could do .rhost-like attacks on the system. (LP: #293258) [Chuck Short] * debian/mysql-server-5.1.mysql.upstart: Dont wait forever for a ping from the mysql server. It might not be configured properly. (LP: #551097) -- Chuck Short <zul...@ubuntu.com> Thu, 20 May 2010 15:35:48 -0400 ** Changed in: mysql-dfsg-5.1 (Ubuntu) Status: Confirmed => Fix Released -- mysql user has home directory writable by mysqld https://bugs.launchpad.net/bugs/293258 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs