112774 – Access rights of /etc/squirrelmail/config.php

Bug 112774 - Access rights of /etc/squirrelmail/config.php

Summary: Access rights of /etc/squirrelmail/config.php

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	squirrelmail
Sub Component:
Version:	1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Gary Benson
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-12-31 10:53 UTC by Adrian Offerman
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2004-01-08 12:33:38 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Adrian Offerman 2003-12-31 10:53:47 UTC

Description of problem:

When using MySQL or another database as a back-end to SquirrelMail,
/etc/squirrelmail/config.php contains the database name and password.
So it's access rights should be limited (now root:root 644, so anyone
can read this, and screw up the SquirrelMail database).

Since Apache (running as apache:apache) should still be able to read
this file, its rights could for example be changed to root:apache 640.

Comment 1 Gary Benson 2004-01-08 12:33:38 UTC

I fixed this in FC2, but I'm not going to errata it for the simple
reason that rpm won't change the permissions during the upgrade.

Note You need to log in before you can comment on or make changes to this bug.