Bug #578922 discusses security implications of having MySQL use /tmp as
its temporary directory, and I have redirected that part of the
discussion of that bug here. Basically, if MySQL can write to a world-
readable directory, then an SQL injection in a web application could
write out a file to later be included in that web application for
arbitrary code execution. If you are going to move the temporary
directory, would it be possible to either make that directory 700 or 750
and, if not, set the mysql umask to 077 or 027?

-- 
MySQL must not use /tmp
https://bugs.launchpad.net/bugs/375371
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu.
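
The check requested above, as an added example that is not part of the original bug report or of the MySQL packaging: a shell audit of a candidate temporary directory against the suggested modes (700/750) and umasks (077/027). The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the bug report. Requires GNU stat (as on Ubuntu).

# dir_mode_ok DIR: succeeds when DIR grants no permission bits to "other".
# 700 and 750 pass; 755 and the 1777 of /tmp fail.
dir_mode_ok() {
    mode=$(stat -c '%a' -- "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    [ "$other" = 0 ]
}

# umask_ok UMASK: succeeds when a regular file created under UMASK
# (0666 & ~UMASK) carries no "other" bits. 077 and 027 pass; 022 fails.
umask_ok() {
    [ $(( 0666 & ~0$1 & 07 )) -eq 0 ]
}

# exposed_files DIR: prints regular files under DIR that any local user
# can read, write or execute.
exposed_files() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_tmpdir DIR: reports each finding and returns 1 if there is any.
audit_tmpdir() {
    rc=0
    if ! dir_mode_ok "$1"; then
        echo "FAIL: $1 is accessible to other users (mode $mode)"
        rc=1
    fi
    count=$(exposed_files "$1" | wc -l)
    if [ "$count" -gt 0 ]; then
        echo "FAIL: $count file(s) under $1 are accessible to other users"
        rc=1
    fi
    return "$rc"
}
```

Source the file and call `audit_tmpdir` with the path configured as MySQL's `tmpdir`; a non-zero return means the directory or a file in it is still reachable by other local accounts.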
