Description of problem:

Setting up a bugzilla test server, /usr/share/bugzilla/checksetup.pl is generating the file /etc/bugzilla/localconfig. This file is world readable if no special umask is set and usually contains the password of the database.

This should be noted in the docs. Also checksetup.pl could change the perms on the file together with setting up e.g. /usr/share/bugzilla and other perm changes. Or maybe the /etc/bugzilla/ dir could be shipped with other perms by default, to make sure security is not a concern. ???

I don't think this is a real security flaw, but something you could think about improving in the rpm packages.

regards,

Florian La Roche

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
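A check for the condition reported above, as an added example that is not part of the original report or of Bugzilla's or Fedora's own code: it reproduces the default-umask file mode on a scratch file, tests for world readability, and restricts the mode. The scratch path, the placeholder password line, the function names and the 0640 target mode are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (constructed): works on a scratch copy, never on the real
# /etc/bugzilla/localconfig. Function names are hypothetical.

# Print the octal permission bits of a file (GNU stat, as shipped on Fedora).
file_mode() { stat -c '%a' "$1"; }

# Succeed if the "other" read bit is set on the file.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Write a config-like file the way a setup script would under a given umask.
# $1 = path, $2 = umask. The password value is a constructed placeholder.
write_config() {
    ( umask "$2"; printf '%s\n' "\$db_pass = 'CONSTRUCTED-PLACEHOLDER';" > "$1" )
}

# Restrict the file to owner read/write and group read, nothing for others.
# $1 = path, $2 = optional group that must still read it (assumption: the
# web server's group; pass nothing to leave the group unchanged).
harden_config() {
    chmod 0640 "$1" || return 1
    if [ -n "${2:-}" ]; then chgrp "$2" "$1" || return 1; fi
}

# Reproduce the report on a scratch file and show the state before and after.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/localconfig"
    write_config "$f" 022                 # common default umask
    before=$(file_mode "$f")
    is_world_readable "$f" && wr_before=yes || wr_before=no
    harden_config "$f"
    after=$(file_mode "$f")
    is_world_readable "$f" && wr_after=yes || wr_after=no
    rm -rf "$dir"
    echo "$before $wr_before $after $wr_after"
}

demo   # prints: 644 yes 640 no
```

Running `is_world_readable /etc/bugzilla/localconfig` after `checksetup.pl` gives the same answer for the real file without modifying it.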
bugzilla-3.0.4-1.fc7 has been submitted as an update for Fedora 7
bugzilla-3.0.4-1.fc8 has been submitted as an update for Fedora 8
bugzilla-3.0.4-1.fc9 has been submitted as an update for Fedora 9
bugzilla-3.0.4-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
bugzilla-3.0.4-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
bugzilla-3.0.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.