Permalink
Browse files

Changed default mode for journal files created by sqlite.

Previous to this, the temporary journal files created by sqlite
were globally readable, leading to the possible leakage of
sensitive data (CVE-2011-3901).

Change-Id: I87ab2dd23c60060b88873a2a587fc50377e6ab76
  • Loading branch information...
gcondra committed Dec 18, 2011
1 parent 90f2368 commit 2c8c9ae3b7e6f340a19a0001c2a889a211c9d8b2
Showing with 1 addition and 1 deletion.
  1. +1 −1 dist/Android.mk
View
@@ -12,7 +12,7 @@ common_src_files := sqlite3.c
# SQLITE_TEMP_STORE=3 causes all TEMP files to go into RAM. and thats the behavior we want
# SQLITE_ENABLE_FTS3 enables usage of FTS3 - NOT FTS1 or 2.
# SQLITE_DEFAULT_AUTOVACUUM=1 causes the databases to be subject to auto-vacuum
-sqlite_cflags := -DHAVE_USLEEP=1 -DSQLITE_DEFAULT_JOURNAL_SIZE_LIMIT=1048576 -DSQLITE_THREADSAFE=1 -DNDEBUG=1 -DSQLITE_ENABLE_MEMORY_MANAGEMENT=1 -DSQLITE_DEFAULT_AUTOVACUUM=1 -DSQLITE_TEMP_STORE=3 -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_FTS3_BACKWARDS
+sqlite_cflags := -DHAVE_USLEEP=1 -DSQLITE_DEFAULT_JOURNAL_SIZE_LIMIT=1048576 -DSQLITE_THREADSAFE=1 -DNDEBUG=1 -DSQLITE_ENABLE_MEMORY_MANAGEMENT=1 -DSQLITE_DEFAULT_AUTOVACUUM=1 -DSQLITE_TEMP_STORE=3 -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_FTS3_BACKWARDS -DSQLITE_DEFAULT_FILE_PERMISSIONS=0600
# the device library
include $(CLEAR_VARS)

0 comments on commit 2c8c9ae

Please sign in to comment.