Control: tags -1 moreinfo unreproducible

Hi Simon,

Thanks for reporting this serious issue.

On 20-11-15 15:07, Simon Ruderich wrote:
> dbconfig-common creates a backup of the database on update and
> stores it in /var/cache/dbconfig-common/backups/. However the
> permissions are readable for all users which might expose
> sensitive data to all local users.

Could you please provide more info, like which package you worked with
and which database type? The dbconfig-common package has mysql upgrade
examples and they work correctly:

root@sid:~# ls -al /var/cache/dbconfig-common/backups/
total 12
drwxr-xr-x 2 root root 4096 Nov 21 08:39 .
drwxr-xr-x 3 root root 4096 Jul 12 22:10 ..
-rw------- 1 root root 2477 Nov 21 08:35 db-test-mysql_2.0.2015-11-21-08.35.47

Also in my tests with postgresql the code seems to be doing the right
thing (albeit I don't have an update in this case, just a
dpkg-reconfigure):

root@sid:~# ls -al /var/tmp/db-test-pgsql.dbtest.2015-11-21-08.45.pgsql.xeBPjR
-rw------- 1 root root 0 Nov 21 08:45 /var/tmp/db-test-pgsql.dbtest.2015-11-21-08.45.pgsql.xeBPjR

And also for sqlite(3):

root@sid:~# ls -al /var/tmp/db-test-sqlite3.dbtest.2015-11-21-08.50.sqlite3.OLiiGP
-rw------- 1 root root 0 Nov 21 08:50 /var/tmp/db-test-sqlite3.dbtest.2015-11-21-08.50.sqlite3.OLiiGP

Paul

