From b0f7dc13ea14331c5020158cf1f68cc051507a0a Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Thu, 14 Sep 2017 11:26:17 +0200
Subject: [PATCH] restrict permissions for db-dump during prepareDBDump

---
 install/lib/update.lib.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
index 6f29acefd..4fc35c3ab 100644
--- a/install/lib/update.lib.php
+++ b/install/lib/update.lib.php
@@ -59,6 +59,8 @@ function prepareDBDump() {
 
 		system("mysqldump -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -c -t --add-drop-table --create-options --quick --result-file=existing_db.sql ".$conf['mysql']['database']);
 	}
+	chmod('existing_db.sql', 0400);
+	chown('existing_db.sql', 'root');
 
 	/*
 	 * If we have a server with nothing in it except VE's then the database of thie server is empty.
-- 
GitLab