This bug was fixed in the package mysql-dfsg-5.1 - 5.1.43-1ubuntu2
---------------
mysql-dfsg-5.1 (5.1.43-1ubuntu2) maverick; urgency=low
[Marc Deslauriers]
* debian/mysql-server-5.0.preinst: Set mysql user's home directory
to /nonexistent to protect against having the /var/lib/mysql
user-writeable. If an attacker can trick mysqld into creating
dot files in the home directory, he could do .rhost-like attacks
on the system. (LP: #293258)
[Chuck Short]
* debian/mysql-server-5.1.mysql.upstart: Dont wait forever for a ping from
the mysql server. It might not be configured properly. (LP: #551097)
-- Chuck Short <zul...@ubuntu.com> Thu, 20 May 2010 15:35:48 -0400
** Changed in: mysql-dfsg-5.1 (Ubuntu)
Status: Confirmed => Fix Released
--
mysql user has home directory writable by mysqld
https://bugs.launchpad.net/bugs/293258
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
