Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22482

pam v2: mysql_upgrade doesn't fix the ownership/privileges of auth_pam_tool

    XMLWordPrintable

Details

    Description

      As part of MDEV-19876, some code was added to mysql_install_db that fixes the ownership and privileges of auth_pam_tool:

      https://github.com/mariadb/server/commit/11f3e2366282eb8cf1cb0062793d102067db6472

      Now, we have code that fixes the ownership and privileges of auth_pam_tool in the following cases:

      • If the MariaDB-server RPM is installed by the root user, then it will properly set the ownership and privileges of the auth_pam_tool binary.
      • If the mariadb-server DEB is installed by the root user, then it will properly set the ownership and privileges of the auth_pam_tool binary.
      • If mysql_install_db is run by the root user, then it will properly set the ownership and privileges of the auth_pam_tool binary.

      This still leaves a big gap, because:

      • If someone is using a binary tarball installation, then the RPM and DEB improvements won't help them.
      • If someone is performing an upgrade, rather than a fresh install, then the mysql_install_db improvements won't help them.

      It seems as though mysql_upgrade should also try to fix the ownership and privileges of auth_pam_tool, so that these cases are also covered.

      Attachments

        Issue Links

          is caused by

          Task - A task that needs to be done. MDEV-7032 new pam plugin with a suid wrapper

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Task - A task that needs to be done. MDEV-15473 Isolate/sandbox PAM modules, so that they can't crash the server

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Task - A task that needs to be done. MDEV-19850 per-plugin install/uninstall scriptlets

          • Major - Major loss of function.
          • Stalled

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19876 pam v2: auth_pam_tool_dir and auth_pam_tool permissions are wrong in RPMs

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20205 mysql_install_db shouldn't execute chown

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22459 pam v2 should log an error if auth_pam_tool exec fails

          • Major - Major loss of function.
          • Closed

          Activity

            People

              serg Sergei Golubchik
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.