[Pkg-mediawiki-devel] Bug#550940: generated LocalSettings.php should not be world-readable
Marcus Better
marcus at better.se
Wed Oct 14 09:06:33 UTC 2009
Package: mediawiki
Version: 1:1.15.1-1
Severity: important
After running the web-based initial configuration of mediawiki
(/var/lib/mediawiki/config/index.php), it created a LocalSettings.php
and instructed me to place it in /etc/mediawiki:
~$ ls -l /etc/mediawiki/LocalSettings.php
-rw-rw-rw- 1 www-data www-data 4536 14 okt 10.54 /etc/mediawiki/LocalSettings.php
This file contains MySQL passwords and should therefore not be world-readable.
I notice that README.Debian suggests changing this, but the file
should not be created world-readable in the first place.
-- System Information:
Debian Release: squeeze/sid
APT prefers stable
APT policy: (990, 'stable'), (400, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages mediawiki depends on:
ii apache2 2.2.9-10+lenny4 Apache HTTP Server metapackage
ii apache2-mpm-prefor 2.2.14-1 Apache HTTP Server - traditional n
ii debconf [debconf-2 1.5.27 Debian configuration management sy
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii php5 5.2.6.dfsg.1-1+lenny3 server-side, HTML-embedded scripti
ii php5-mysql 5.2.6.dfsg.1-1+lenny3 MySQL module for php5
Versions of packages mediawiki recommends:
pn mysql-server | pos <none> (no description available)
ii php5-cli 5.2.6.dfsg.1-1+lenny3 command-line interpreter for the p
Versions of packages mediawiki suggests:
pn clamav <none> (no description available)
ii imagemagick 7:6.3.7.9.dfsg2-1~lenny3 image manipulation programs
pn mediawiki-math <none> (no description available)
pn memcached <none> (no description available)
ii php5-gd 5.2.6.dfsg.1-1+lenny3 GD module for php5
-- debconf information:
* mediawiki/webserver: apache2
More information about the Pkg-mediawiki-devel
mailing list