FS#10058 - mysqld rc script creates insecure dummy log
Attached to Project:
Arch Linux
Opened by Loui Chang (louipc) - Wednesday, 02 April 2008, 00:49 GMT
Last edited by Douglas Soares de Andrade (dsa) - Sunday, 11 January 2009, 12:25 GMT
Details
Description:
mysql 5.0.51-3

The mysqld startup script touches the default mysqld.log location but doesn't do anything to secure it from reading by non-privileged users. Databases can have sensitive information so should not be globally readable.

mysqld_safe seems to take care of log creation and security itself when a log file is specified in my.cnf and it has write permission to the directory containing the logs. (Personally I just created /var/log/mysql/ and gave it user:group of mysql:mysql.)

Furthermore the startup script assumes too much (location of log file), which may be incorrect depending on my.cnf. Let the admin take care of things him/herself. Patch attached.

It would be handy though for a novice user to be able to enable secure logging (with logrotate) by just uncommenting a config option in my.cnf.

Let me know if you need more files/info. :D
Closed by Douglas Soares de Andrade (dsa)
Sunday, 11 January 2009, 12:25 GMT
Reason for closing: Fixed
I almost forgot. Cheers!
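The permission problem described in the report, as an added example that is not part of the original ticket or of the Arch package: a bare `touch` under the usual umask of 022 leaves the log world-readable, while creating it under a restrictive umask does not. The function names and temporary paths are illustrative, and the mysql:mysql ownership is the assumption taken from the report.

```shell
#!/bin/sh
# Added example; names and paths are illustrative, not from the Arch package.

# Before: what a bare `touch` does under the common default umask of 022.
create_log_insecure() {
    ( umask 022; touch "$1" )   # result: mode 0644, readable by every local user
}

# After: create the file with no group/other access at any point, then
# grant read access to the owning group only.
create_log_secure() {
    ( umask 077; : >> "$1" ) || return 1   # new file is created as 0600
    chmod 640 "$1" || return 1             # also tightens a pre-existing file
    # Assumption: the server runs as mysql:mysql, as in the report.
    if [ "$(id -u)" -eq 0 ] && id mysql >/dev/null 2>&1; then
        chown mysql:mysql "$1"
    fi
}

# Audit check: succeeds (exit 0) if "other" has read permission on the file.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Demo in a throwaway directory (constructed paths, not /var/log).
demo_dir=$(mktemp -d)
create_log_insecure "$demo_dir/touched.log"
create_log_secure "$demo_dir/secured.log"
for f in "$demo_dir/touched.log" "$demo_dir/secured.log"; do
    if is_world_readable "$f"; then
        echo "WORLD-READABLE: $f"
    else
        echo "ok: $f"
    fi
done
rm -rf "$demo_dir"
```

The same `is_world_readable` check can be pointed at an existing log path to audit a running system.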