From 87e6873ce91831c247331a8964c3267952efe95a Mon Sep 17 00:00:00 2001
From: Sergey Vojtovich <svoj@mariadb.org>
Date: Mon, 21 Dec 2015 14:40:41 +0400
Subject: MDEV-9081 - Debian: insecure debian-sys-maint password handling

Set umask so that newly created file is not readable by others. This is a quick
fix to close security gap. To be replaced by MDEV-8375 - passwordless root
login.
---
 debian/mariadb-server-10.1.postinst | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'debian')

diff --git a/debian/mariadb-server-10.1.postinst b/debian/mariadb-server-10.1.postinst
index 0f35802a884..63b7c0c0be2 100644
--- a/debian/mariadb-server-10.1.postinst
+++ b/debian/mariadb-server-10.1.postinst
@@ -157,7 +157,9 @@ EOF
     else
 	pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
         if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
+        umask 066
         cat /dev/null > $dc
+        umask 022
         echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
         echo "[client]"                                                    >>$dc
         echo "host     = localhost"                                        >>$dc
-- 
cgit v1.2.1