Re: [d-security] Re: root's home world readable

[tb@becket.net (Thomas Bushnell, BSG)]

Christian Hammers <ch@westend.com> writes:

> On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote:
> > > There is at least one package in Debian that requires you to put
> > > sensitive information in /root.  The mysql server package needs you to
> > > have a .my.cnf in the /root if you want the logs to rotate.  The
> > > my.cnf contains the clear text version of the root password to the
> > > database.
> > 
> > This is a bug.  The file should be in /etc (if, as it sounds like,
> > it's a system-wide configuration file).
> It is not (a system wide configuration file) but at least in recent 
> versions you can archive the needed functionality by creating a "debian" 
> system user with sufficent privileges. This is planned but I though I
> implement it after the next freeze (well err, that's what I though half a 
> year ago, probably the main freeze is far enough away to change it before
> testing will be released)

What? 

If it's a way to get "the logs" to rotate, that sure sounds like a
system-wide option.  If it's a root password to a system-wide
database, then that's also a system-wide option.  

I don't know what "archive the needed functionality" means.

If these are system-wide options, they belong in /etc.  They do not
belong in ~root, and they do not belong in ~debian.