112774 – Access rights of /etc/squirrelmail/config.php

Bug 112774 - Access rights of /etc/squirrelmail/config.php

Summary: Access rights of /etc/squirrelmail/config.php

Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	squirrelmail
Sub Component:	(Show other bugs)
Version:	1
Hardware:	All Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Gary Benson
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:	Security
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-12-31 10:53 UTC by Adrian Offerman
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2004-01-08 12:33:38 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Adrian Offerman 2003-12-31 10:53:47 UTC

Description of problem:

When using MySQL or another database as a back-end to SquirrelMail,
/etc/squirrelmail/config.php contains the database name and password.
So it's access rights should be limited (now root:root 644, so anyone
can read this, and screw up the SquirrelMail database).

Since Apache (running as apache:apache) should still be able to read
this file, its rights could for example be changed to root:apache 640.

Comment 1 Gary Benson 2004-01-08 12:33:38 UTC

I fixed this in FC2, but I'm not going to errata it for the simple
reason that rpm won't change the permissions during the upgrade.

Note You need to log in before you can comment on or make changes to this bug.