[debian-mysql] Bug#663245: mylvmbackup: possible insecure temporary file creation
Stevie Trujillo
stevie.trujillo at gmail.com
Fri Mar 9 19:21:10 UTC 2012
Package: mylvmbackup
Version: 0.13-1
Severity: normal
/usr/bin/mylvmbackup:
line 40 my $TMP= ($ENV{TMPDIR} || "/tmp");
line 619 my $command="echo 'select 1;' | $mysqld_safe --socket=$TMP/mylvmbackup.sock --pid-file=$pidfile --log-error=$TMP/mylvmbackup_recoverserver.err --datadir=$mountdir/$relpath --skip-networking --skip-grant --bootstrap --skip-ndbcluster --skip-slave-start";
I have no idea how MySQL works, but assuming it writes to --log-error=$TMP/mylvmbackup_recoverserver.err
I think bad things might happen if it's symlinked to another place?
Also, is there a reason
#518471 - mylvmbackup: Too wide permissions for tarballs
is not in Debian Stable?
-- System Information:
Debian Release: 6.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages mylvmbackup depends on:
ii libconfig-inifiles-perl 2.52-1 Read .ini-style configuration file
ii libdbd-mysql-perl 4.016-1 Perl5 database interface to the My
ii libtimedate-perl 1.2000-1 collection of modules to manipulat
ii lvm2 2.02.66-5 The Linux Logical Volume Manager
mylvmbackup recommends no packages.
Versions of packages mylvmbackup suggests:
ii mysql-server 5.1.49-3 MySQL database server (metapackage
ii mysql-server-5.1 [mysql-serve 5.1.49-3 MySQL database server binaries and
-- Configuration Files:
/etc/mylvmbackup.conf [Errno 13] Permission denied: u'/etc/mylvmbackup.conf'
-- no debconf information
More information about the pkg-mysql-maint
mailing list