
Re: Bug#832908: mongodb: CVE-2016-6494: world-readable .dbshell history file: LTS update and upgrade handling

> 2) How do you plan to handle the "upgrade case", that is, will you try to
> change the permission on already created history file or will you just
> handle the creation case?

For redis, what I did was set and then unset the umask (for creation) and
chmod(2) the file afterwards to "upgrade" existing ones.

I don't recommend a postinst approach (i.e. chmod 0600 /home/*/.filename) for
various reasons.


     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
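
The umask-then-chmod approach described in the message above, as an added example that is not part of the original message and is not the redis or mongodb patch. The helper names `open_history_private` and `file_mode` are hypothetical, and the example uses fchmod(2) on the already-open descriptor where the message mentions chmod(2), so the mode change applies to the file that was actually opened.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fileno() and fchmod() */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper: open a shell history file for appending so that it is
 * only ever readable and writable by its owner. Returns NULL on error. */
FILE *open_history_private(const char *path)
{
    /* Creation case: tighten the umask only around the open, then restore
     * it so files the process creates elsewhere are unaffected. */
    mode_t old = umask(S_IXUSR | S_IRWXG | S_IRWXO);   /* 0177 */
    FILE *fp = fopen(path, "a");
    umask(old);
    if (fp == NULL)
        return NULL;

    /* Upgrade case: a file written by an older version keeps its old mode
     * (the umask only affects creation), so force 0600 on it now. */
    if (fchmod(fileno(fp), S_IRUSR | S_IWUSR) != 0) {
        fclose(fp);
        return NULL;
    }
    return fp;
}

/* Returns the permission bits of path, or -1 if it cannot be stat'ed. */
int file_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s HISTORY_FILE\n", argv[0]);
        return 2;
    }
    FILE *fp = open_history_private(argv[1]);
    if (fp == NULL)
        return 1;
    fclose(fp);
    printf("%s mode is now %04o\n", argv[1], (unsigned)file_mode(argv[1]));
    return 0;
}
```
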
