[Bug 375371] Re: MySQL must not use /tmp

Jamie Strandboge jamie at ubuntu.com
Mon Aug 16 16:33:37 BST 2010


Bug #578922 discusses security implications of having MySQL use /tmp as
its temporary directory, and I have redirected that part of the
discussion of that bug here. Basically, if MySQL can write to a world-
readable directory, then an SQL injection in a web application could
write out a file to later be included in that web application for
arbitrary code execution. If you are going to move the temporary
directory, would it be possible to either make that directory 700 or 750
and if not set the mysql umask to 077 or 027?

-- 
MySQL must not use /tmp
https://bugs.launchpad.net/bugs/375371
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to mysql-dfsg-5.1 in ubuntu.



More information about the Ubuntu-server-bugs mailing list