[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [d-security] Re: root's home world readable

On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote:
> > There is at least one package in Debian that requires you to put
> > sensitive information in /root.  The mysql server package needs you to
> > have a .my.cnf in the /root if you want the logs to rotate.  The
> > my.cnf contains the clear text version of the root password to the
> > database.
> 
> This is a bug.  The file should be in /etc (if, as it sounds like,
> it's a system-wide configuration file).
It is not (a system wide configuration file) but at least in recent 
versions you can archive the needed functionality by creating a "debian" 
system user with sufficent privileges. This is planned but I though I
implement it after the next freeze (well err, that's what I though half a 
year ago, probably the main freeze is far enough away to change it before
testing will be released)

bye,

    -christian- / mysql maintainer aka "the one to blame"

-- 
 I am Homer of Borg.  Resistance is futi...  Mmmmm, donuts!
Reply to: