MariaDB Server: MDEV-8825

mysql_upgrade leaks the admin password when it spawns a shell process to execute mysqlcheck


Details

    Description

      Running mysql_upgrade on a server with a large number of databases might take a while. During this time, if any user on the system runs ps axf, the user will see the mysql admin password in plain text:

      ...
       7089 ?        S      0:00  |           \_ /opt/bin/mysql_upgrade -u root -pxxxxxxxx
       7224 ?        S      0:00  |               \_ sh -c '/opt/bin/mysqlcheck' '--no-defaults' '--user=root' '--password=GiuxphAI' '--user=root'  '--check-upgrade'
       7225 ?        S      0:00  |                   \_ /opt/bin/mysqlcheck --no-defaults --user=root --password=x xxxxxx --user=root --check-upgrade --auto-repair
      ...

      So, although the mysqlcheck command itself hides the password in the process listing, it leaks because mysql_upgrade shells out to execute the command. A possible fix (although I don't know anything about the mariadb code) is to avoid shelling out and doing a fork+exec instead.
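The mechanics behind the listing above, as an added example written for this page (it is not MariaDB code and does not reproduce mysql_upgrade's implementation): run_via_shell() is the system()-style pattern that produces the extra "sh -c '...'" process, run_without_shell() is the fork+exec replacement the report suggests, and mask_password_args() does what mysqlcheck does to its own argv. The program name, the helper names and the password value "hunter42" are made up for the example; it assumes a POSIX system with ps available.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Overwrite the value part of every "--password=<secret>" argument with 'x'
 * characters of the same length. This is the self-masking a client such as
 * mysqlcheck performs on its own argv; it protects only the process that does
 * it, never a parent or an intermediate shell holding the same string.
 * Returns the number of arguments masked. */
int mask_password_args(int argc, char **argv)
{
    static const char prefix[] = "--password=";
    const size_t plen = sizeof(prefix) - 1;
    int masked = 0;
    for (int i = 0; i < argc; i++) {
        if (strncmp(argv[i], prefix, plen) == 0 && argv[i][plen] != '\0') {
            memset(argv[i] + plen, 'x', strlen(argv[i]) - plen);
            masked++;
        }
    }
    return masked;
}

/* The leaky pattern: hand one string to the shell. system() behaves like
 * exec'ing "/bin/sh -c <cmdline>", and that sh process carries the whole
 * string, secret included, in its argv for as long as the grandchild runs.
 * Nothing the grandchild does to its own argv can hide the shell's copy.
 * Returns the command's exit status, or -1 on error. */
int run_via_shell(const char *cmdline)
{
    int status = system(cmdline);
    if (status == -1) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The fix the report proposes: fork + execvp with an argv vector. No shell is
 * spawned, so the only process that ever holds the secret is the one that is
 * able to mask it. Returns the child's exit status, or -1 on error. */
int run_without_shell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Exit status of running `name` with no arguments and no shell. */
int status_of(const char *name)
{
    char buf[64];
    snprintf(buf, sizeof buf, "%s", name);
    char *argv[] = { buf, NULL };
    return run_without_shell(argv);
}

/* Self-check on a constructed argv (the password value is made up):
 * returns 1 if the secret was replaced by x's of the same length. */
int masking_hides_secret(void)
{
    char a0[] = "mysqlcheck", a1[] = "--password=hunter42", a2[] = "--check-upgrade";
    char *argv[] = { a0, a1, a2, NULL };
    int n = mask_password_args(3, argv);
    return n == 1 && strcmp(a1, "--password=xxxxxxxx") == 0;
}

int main(int argc, char **argv)
{
    /* Run as:  ./masked --user=root --password=hunter42
     * The ps line printed by the child shows the masked argument, because
     * ps was started by fork+exec and received only its own argv. */
    int masked = mask_password_args(argc, argv);
    printf("masked %d password argument(s)\n", masked);

    char pidbuf[32];
    snprintf(pidbuf, sizeof pidbuf, "%d", (int)getpid());
    char *ps_argv[] = { "ps", "-o", "args=", "-p", pidbuf, NULL };
    return run_without_shell(ps_argv) == 0 ? 0 : 1;
}
```

Two caveats a practitioner would want: self-masking is best effort, since there is a window between exec and the memset during which the unmasked argv is visible, and fork+exec only removes the shell's copy of the secret. Keeping the password off the command line altogether (the client tools read it from a defaults file or a prompt) avoids both problems.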

          People

            serg Sergei Golubchik
            lonetwin lonetwin