Bug 112774 - Access rights of /etc/squirrelmail/config.php
Summary: Access rights of /etc/squirrelmail/config.php
Alias: None
Product: Fedora
Classification: Fedora
Component: squirrelmail   
(Show other bugs)
Version: 1
Hardware: All Linux
Target Milestone: ---
Assignee: Gary Benson
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2003-12-31 10:53 UTC by Adrian Offerman
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-01-08 12:33:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Adrian Offerman 2003-12-31 10:53:47 UTC
Description of problem:

When using MySQL or another database as a back-end to SquirrelMail,
/etc/squirrelmail/config.php contains the database name and password.
So it's access rights should be limited (now root:root 644, so anyone
can read this, and screw up the SquirrelMail database).

Since Apache (running as apache:apache) should still be able to read
this file, its rights could for example be changed to root:apache 640.

Comment 1 Gary Benson 2004-01-08 12:33:38 UTC
I fixed this in FC2, but I'm not going to errata it for the simple
reason that rpm won't change the permissions during the upgrade.

Note You need to log in before you can comment on or make changes to this bug.