[Pkg-mediawiki-devel] Bug#462609: mediawiki: README.Debian contains not full information for secured installation

Bob Rutsky altsysrq at gmail.com
Sat Jan 26 04:02:40 UTC 2008

Package: mediawiki
Version: 1:1.11.0-3
Severity: minor

README.Debian says:
"Then just copy the generated config to the real system location" 
But generated configuration file has diabolic permissions 0666, and this 
config contains
security information like wiki database password.
Mediawiki installation script says:
"You should change file permissions for LocalSettings.php as required to 
prevent other users on the server
reading passwords and altering configuration data.",
I think this message should be putted in README.Debian too.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (497, 'unstable'), (495, 'stable'), 
(493, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-3-amd64 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mediawiki depends on:
ii  apache2                       2.2.6-3    Next generation, scalable, 
ii  apache2-mpm-prefork [httpd]   2.2.6-3    Traditional model for Apache 
ii  debconf [debconf-2.0]         1.5.18     Debian configuration management 
ii  mime-support                  3.39-1     MIME files 'mime.types' 
& 'mailcap
ii  php5                          5.2.4-2    server-side, HTML-embedded 
ii  php5-mysql                    5.2.4-2+b1 MySQL module for php5

Versions of packages mediawiki recommends:
ii  mysql-server                  5.0.45-5   MySQL database server (meta 
ii  mysql-server-5.0 [mysql-serve 5.0.45-5   MySQL database server binaries
ii  php5-cli                      5.2.4-2+b1 command-line interpreter for the 

-- debconf-show failed

More information about the Pkg-mediawiki-devel mailing list