Created attachment 176799 [details] v1 patch # issue couchdb config files and databases should only be readable by the API, or user/group members of couchdb/couchdb. The current port provides direct access for non-privileged local users through the filesystem, allowing bypassing of the reader/writer privileges enforced by CouchDB API. # fix restrict all couch-related runtime data to 0750/0640 permissions and 0600 specially for the local.ini file which contains PBKDF2- hashed database administrator level passwords.
bump olgeni@
A commit references this bug: Author: olgeni Date: Fri Dec 16 09:21:24 UTC 2016 New revision: 428664 URL: https://svnweb.freebsd.org/changeset/ports/428664 Log: Use more restrictive permissions for CouchDB's data and configuration files. PR: 214334 Submitted by: Dave Cottlehuber Changes: head/databases/couchdb/Makefile head/databases/couchdb/pkg-plist
Fixed - thank you!