Bug #47589 Chassis should refuse configfile readable to everyone
Submitted: 24 Sep 11:39 Modified: 24 Sep 11:45
Reporter: Thomas Nielsen
Status: Verified
Category:Proxy: Core Severity:S3 (Non-critical)
Version:0.8.0 OS:Any
Assigned to: Target Version:
Triage: Needs Triage: D3 (Medium)

[24 Sep 11:39] Thomas Nielsen 
Description:
The proxy chassis currently accepts starting with config files that are readable to
everyone. This is a security issue since the file contains the users plaintext password.

How to repeat:
* Create your default config file, i.e myproxycfg.ini
* chmod 777 myproxycfg.ini
* ./bin/mysql-proxy --defaults-file=/path/to/myproxycfg.ini

... which starts fine. Ideally this should result in an error exit and sensible user
error message.

* chmod 600 myproxycfg.ini
* ./bin/mysql-proxy --defaults-file=/path/to/myproxycfg.ini

starts fine - as expected.

Suggested fix:
* on startup, check permissions for config file, and exit with error if incorrect
permissions set.
[24 Sep 11:45] Sveta Smirnova 
Thank you for the report.

Verified as described.