MDEV-9081 - Debian: insecure debian-sys-maint password handling

Set umask so that newly created file is not readable by others. This is a quick fix to close security gap. To be replaced by MDEV-8375 - passwordless root login.
10 years ago · 87e6873ce9
1 changed files with 2 additions and 0 deletions
--- a/debian/mariadb-server-10.1.postinst
+++ b/debian/mariadb-server-10.1.postinst
@ -157,7 +157,9 @@ EOF
    else
 	pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
        if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
+        umask 066
        cat /dev/null > $dc
+        umask 022
        echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
        echo "[client]"                                                    >>$dc
        echo "host     = localhost"                                        >>$dc