Package: tutos Version: 1.1.20031017-2+1sarge1 Severity: normal after installation of tutos and before running the scheme.php-script, the file /etc/tutos/config.pinc, that contains the password for the database, has 644 file-permissions. therefore it is readable by every user on the system by default.
webbox333:/etc# ls -ld tutos drwxr-xr-x 2 root root 4096 Mar 15 09:48 tutos webbox333:/etc# ls -l tutos total 40 -rw-r--r-- 1 root root 2738 Feb 13 12:29 apache.conf -rw-r--r-- 1 root root 442 Mar 15 09:48 config.pinc -rw-r--r-- 1 root root 17542 Feb 13 12:29 config_default.pinc -rw-r--r-- 1 root root 3 Feb 13 12:29 lang_custom -rw-r--r-- 1 root root 53 Feb 13 12:29 lang_custom.p3 -rw-r--r-- 1 root root 2116 Feb 13 12:29 modules.pinc -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27-2-k7 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages tutos depends on: ii apache 1.3.34-2 versatile, high-performance HTTP s ii debconf 1.4.71 Debian configuration management sy ii php4 4:4.4.2-1 server-side, HTML-embedded scripti ii php4-mysql 4:4.4.2-1 MySQL module for php4 ii wwwconfig-common 0.0.44 Debian web auto configuration Versions of packages tutos recommends: ii logrotate 3.7.1-2 Log rotation utility ii mysql-server-4.1 [mysql-serve 4.1.15-1 mysql database server binaries -- debconf information: tutos/mismatch: tutos/notconfigured: * tutos/dbu_name: root * tutos/db_server: mysql-server * tutos/dba_name: root * tutos/create_tables: * tutos/db_host: localhost * tutos/webserver: apache -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
