MDEV-9081 - Debian: insecure debian-sys-maint password handling

Set umask so that newly created file is not readable by others. This is a quick fix to close security gap. To be replaced by MDEV-8375 - passwordless root login.

MDEV-9081 - Debian: insecure debian-sys-maint password handling
Set umask so that newly created file is not readable by others. This is a quick fix to close security gap. To be replaced by MDEV-8375 - passwordless root login.
87e6873c · Sergey Vojtovich · c597ed01 · 87e6873c
Commit 87e6873c authored Dec 21, 2015 by Sergey Vojtovich
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

debian/mariadb-server-10.1.postinst debian/mariadb-server-10.1.postinst +2 -0

No files found.
--- a/debian/mariadb-server-10.1.postinst
+++ b/debian/mariadb-server-10.1.postinst
@@ -157,7 +157,9 @@ EOF
    else
 	pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
        if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
+        umask 066
        cat /dev/null > $dc
+        umask 022
        echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
        echo "[client]"                                                    >>$dc
        echo "host     = localhost"                                        >>$dc