Re: [d-security] Re: root's home world readable
Christian Hammers <ch@westend.com> writes:
> On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote:
> > > There is at least one package in Debian that requires you to put
> > > sensitive information in /root. The mysql server package needs you to
> > > have a .my.cnf in the /root if you want the logs to rotate. The
> > > my.cnf contains the clear text version of the root password to the
> > > database.
> >
> > This is a bug. The file should be in /etc (if, as it sounds like,
> > it's a system-wide configuration file).
> It is not (a system wide configuration file) but at least in recent
> versions you can archive the needed functionality by creating a "debian"
> system user with sufficent privileges. This is planned but I though I
> implement it after the next freeze (well err, that's what I though half a
> year ago, probably the main freeze is far enough away to change it before
> testing will be released)
What?
If it's a way to get "the logs" to rotate, that sure sounds like a
system-wide option. If it's a root password to a system-wide
database, then that's also a system-wide option.
I don't know what "archive the needed functionality" means.
If these are system-wide options, they belong in /etc. They do not
belong in ~root, and they do not belong in ~debian.
Reply to: