Make master key unreadable to others (bug #410)

author Jakub Vrana <jakub@vrana.cz>

Thu, 26 Jun 2014 11:22:46 +0000 (13:22 +0200)

committer Jakub Vrana <jakub@vrana.cz>

Thu, 26 Jun 2014 11:30:02 +0000 (13:30 +0200)
author Jakub Vrana <jakub@vrana.cz>
Thu, 26 Jun 2014 11:22:46 +0000 (13:22 +0200)
committer Jakub Vrana <jakub@vrana.cz>
Thu, 26 Jun 2014 11:30:02 +0000 (13:30 +0200)
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php

index 3c4ba743f7de1bf5ad0e29c71535a6925307ee6c..86246ad8379bb15d50dc29ac2e9d53003895fd65 100644 (file)
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -1065,6 +1065,7 @@ function password_file($create) {
         if ($return || !$create) {
                 return $return;
         }
+       umask(066);
         $fp = @fopen($filename, "w"); // @ - can have insufficient rights //! is not atomic
         if ($fp) {
                 $return = rand_string();
diff --git a/changes.txt b/changes.txt

index ad042483d565f8e23ac27d8ce93f6fcf35f6e8b7..bb465bc8adbe242536a935e9640e34df6c66f743 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,6 +1,7 @@
  Adminer 4.1.1-dev:
  Fix reading routine column collations
  Unlock session in alter database
+Make master key unreadable to others (bug #410)
  MySQL: Use utf8mb4 if available
  
  Adminer 4.1.0 (released 2014-04-18)
author	Jakub Vrana <jakub@vrana.cz>
	Thu, 26 Jun 2014 11:22:46 +0000 (13:22 +0200)
committer	Jakub Vrana <jakub@vrana.cz>
	Thu, 26 Jun 2014 11:30:02 +0000 (13:30 +0200)
adminer/include/functions.inc.php		patch \| blob \| history
changes.txt		patch \| blob \| history