Posted by anarcat on September 28, 2009 at 9:16pm
Jump to:
| Project: | Provision |
| Version: | 6.x-0.4-alpha1 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
The database backup is readable by all, which makes it accessible by the webserver. The mode should at least be safe enough so that the webserver cannot read it (umask 077 or something).
Comments
#1
There's actually two problems here:
1. in some cases (interruption?) backup leaves the file lying around (this is more likely a drush issue, see #590634: interruptions should launch rollbacks), and;
2. more importantly: the file is world-readable. this is the issue at hand here.
#2
Doesn't the database dump get deleted post-backup and post-restore?
And backups live outside the document root?
Or are you talking about the fleeting moment where it drops it in database.sql before tarring up the whole directory?
Edit: nevermind I see you point out that an interruption will leave the dump lying around. Helps if I read properly :)
#3
Think I've fixed this in HEAD, file is chmod to 600 on successful writing of the dump file.
#4
Yeah, so that's what I'm talking about: the database.sql gets created with too permissive... permissions. That file can be read while the dump is created, even if the permissions are fixed in the end. It needs to be created with the proper permissions (you can use umask for that).
#5
A better fix committed to HEAD. Thanks
#6
Automatically closed -- issue fixed for 2 weeks with no activity.