mosquitto.db can be read by all [SECURITY] #468
The mosquitto.db file is world readable. This obviously leads to the possibility of every local user reading the topic database and values at any given time (permission rw-r--r--).
A security vulnerability such as this may prove disastrous to sensitive or secret data that can be contained within it.
Mitigation will be scoping the permission scheme to a specific user, that is running the mosquitto service.
Tested on an up-to-date Raspberry Pi 3 with the latest release of mosquitto.
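
A local check for the condition reported above, added here as an example; it is not part of the original issue or of Mosquitto's own code. The file path and the numeric uid of the service account are supplied by the caller (for instance the output of `id -u mosquitto`, assuming the broker runs under an account of that name); the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit and tighten permissions on a Mosquitto persistence file.
# Nothing here is taken from the Mosquitto code base; the path is caller-supplied.

# audit_db FILE UID
# Returns 0 only if FILE is owned by UID and has no group/other permission bits.
# Returns 1 on a finding, 2 if FILE does not exist.
audit_db() {
    file=$1 want_uid=$2 rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # ls -ldn prints the mode string first and the numeric owner third.
    mode=$(ls -ldn -- "$file" | cut -c1-10)
    owner=$(ls -ldn -- "$file" | awk '{print $3}')

    case "$mode" in
        ????------) ;;   # e.g. -rw------- : nothing granted to group or other
        *) echo "FINDING: $file has mode $mode (group/other access)"; rc=1 ;;
    esac

    if [ "$owner" != "$want_uid" ]; then
        echo "FINDING: $file is owned by uid $owner, expected $want_uid"
        rc=1
    fi
    return $rc
}

# harden_db FILE
# Removes every group/other permission bit, leaving the owner's bits as they were.
# Changing the owner (chown) needs root and is left to the administrator.
harden_db() {
    chmod go-rwx -- "$1"
}

# Stand-alone use: ./audit.sh /path/to/mosquitto.db "$(id -u mosquitto)"
if [ $# -eq 2 ]; then
    audit_db "$1" "$2"
fi
```

A chmod only changes the file that exists now, so run the audit again after the broker next writes the file to confirm the mode holds.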