Bug 112774 - Access rights of /etc/squirrelmail/config.php
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: squirrelmail
Version: 1
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Gary Benson
Keywords: Security
Reported: 2003-12-31 05:53 EST by Adrian Offerman
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-01-08 07:33:38 EST
Description Adrian Offerman 2003-12-31 05:53:47 EST
Description of problem:

When using MySQL or another database as a back-end to SquirrelMail,
/etc/squirrelmail/config.php contains the database name and password.
So its access rights should be limited (now root:root 644, so anyone
can read this, and screw up the SquirrelMail database).

Since Apache (running as apache:apache) should still be able to read
this file, its rights could for example be changed to root:apache 640.
Comment 1 Gary Benson 2004-01-08 07:33:38 EST
I fixed this in FC2, but I'm not going to errata it for the simple
reason that rpm won't change the permissions during the upgrade.
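
The following is an added example, not part of the bug report or of the SquirrelMail package: a POSIX shell check that an administrator can run on an installed host to see whether the file still has the permissions described in the report. The function names `file_meta` and `audit_secret_file` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a credential-bearing
# config file against an expected owner, group and mode policy.
# Function names are assumptions made for this illustration.

# Print "owner group mode-string" for a path using POSIX ls and awk.
file_meta() {
    ls -ld -- "$1" | awk '{ print $3, $4, $1 }'
}

# audit_secret_file PATH OWNER GROUP
# Returns 0 when PATH is a regular file owned by OWNER:GROUP, not
# group-writable, with no permissions for "other". Otherwise prints
# each finding and returns 1 (2 if PATH is not a plain regular file).
audit_secret_file() {
    path=$1 want_owner=$2 want_group=$3 rc=0
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "$path: not a plain regular file"
        return 2
    fi
    set -- $(file_meta "$path")
    owner=$1 group=$2 mode=$3
    other=$(printf '%s' "$mode" | cut -c8-10)   # e.g. "r--" for mode 644
    group_w=$(printf '%s' "$mode" | cut -c6)    # "w" if the group may write

    [ "$owner" = "$want_owner" ] || { echo "$path: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "$path: group is $group, expected $want_group"; rc=1; }
    [ "$other" = "---" ] || { echo "$path: other has '$other', expected none"; rc=1; }
    [ "$group_w" != "w" ] || { echo "$path: group-writable"; rc=1; }
    return "$rc"
}

# Usage on the file from this report, with the ownership it proposes:
#   audit_secret_file /etc/squirrelmail/config.php root apache
```

A file at root:root 644 fails the group and "other" checks; one at root:apache 640 passes.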