Bug 112774 - Access rights of /etc/squirrelmail/config.php
Summary: Access rights of /etc/squirrelmail/config.php
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: squirrelmail
Version: 1
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Gary Benson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-12-31 10:53 UTC by Adrian Offerman
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-01-08 12:33:38 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Adrian Offerman 2003-12-31 10:53:47 UTC
Description of problem:

When using MySQL or another database as a back-end to SquirrelMail,
/etc/squirrelmail/config.php contains the database name and password.
So it's access rights should be limited (now root:root 644, so anyone
can read this, and screw up the SquirrelMail database).

Since Apache (running as apache:apache) should still be able to read
this file, its rights could for example be changed to root:apache 640.

Comment 1 Gary Benson 2004-01-08 12:33:38 UTC
I fixed this in FC2, but I'm not going to errata it for the simple
reason that rpm won't change the permissions during the upgrade.


Note You need to log in before you can comment on or make changes to this bug.