MariaDB Server / MDEV-8825

mysql_upgrade leaks the admin password when it spawns a shell process to execute mysqlcheck

Details

    Description

      Running mysql_upgrade on a server with a large number of databases might take a while. During this time, if any user on the system does a ps axf, the user will see the mysql admin password in plain text:

      ...
       7089 ?        S      0:00  |           \_ /opt/bin/mysql_upgrade -u root -pxxxxxxxx
       7224 ?        S      0:00  |               \_ sh -c '/opt/bin/mysqlcheck' '--no-defaults' '--user=root' '--password=GiuxphAI' '--user=root'  '--check-upgrade'
       7225 ?        S      0:00  |                   \_ /opt/bin/mysqlcheck --no-defaults --user=root --password=x xxxxxx --user=root --check-upgrade --auto-repair
      ...

      So, although the mysqlcheck command itself hides the password in the process listing, it leaks because mysql_upgrade shells out to execute the command. A possible fix (although I don't know anything about mariadb code) is to avoid shelling out and doing a fork+exec instead.


        Activity

          lonetwin lonetwin created issue -
          lonetwin lonetwin made changes -
          Field Original Value New Value
          Environment
          $ mysql --version
          mysql Ver 15.1 Distrib 10.0.19-MariaDB, for Linux (x86_64) using readline 5.1
          lonetwin lonetwin made changes -
          Affects Version/s 10.0.21-galera [ 19501 ]
          elenst Elena Stepanova made changes -
          Status Open [ 1 ] Confirmed [ 10101 ]

          elenst Elena Stepanova added a comment -

          Thanks for the report.

          Same with MySQL 5.6, but MySQL 5.7 does it differently.
          elenst Elena Stepanova made changes -
          Fix Version/s 10.1 [ 16100 ]
          Affects Version/s 10.1 [ 16100 ]
          Affects Version/s 10.0 [ 16000 ]
          Affects Version/s 5.5 [ 15800 ]
          Affects Version/s 10.0.21-galera [ 19501 ]
          Affects Version/s 10.0.19-galera [ 18820 ]
          Assignee Sergei Golubchik [ serg ]
          Labels upstream-fixed
          serg Sergei Golubchik made changes -
          Fix Version/s 5.5 [ 15800 ]
          Fix Version/s 10.0 [ 16000 ]
          serg Sergei Golubchik made changes -
          Status Confirmed [ 10101 ] In Progress [ 3 ]
          serg Sergei Golubchik made changes -
          Assignee Sergei Golubchik [ serg ] Vladislav Vaintroub [ wlad ]
          Status In Progress [ 3 ] In Review [ 10002 ]
          serg Sergei Golubchik made changes -
          Assignee Vladislav Vaintroub [ wlad ] Sergei Golubchik [ serg ]
          serg Sergei Golubchik made changes -
          Fix Version/s 5.5.47 [ 20300 ]
          Fix Version/s 10.0.23 [ 20401 ]
          Fix Version/s 10.1.10 [ 20402 ]
          Fix Version/s 5.5 [ 15800 ]
          Fix Version/s 10.0 [ 16000 ]
          Fix Version/s 10.1 [ 16100 ]
          Resolution Fixed [ 1 ]
          Status In Review [ 10002 ] Closed [ 6 ]

          serg Sergei Golubchik added a comment -

          Now mysql_upgrade uses a temporary config file to pass the password and other common arguments to tools. So the command line will only show something like --defaults-file=/tmp/mysql_upgrade-16ECAD7. The temporary file is chmod 600.
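The pattern behind the fix, as an added example that is not part of the issue or of MariaDB's source: the reporter's fork+exec suggestion (no `sh -c` wrapper) combined with the shipped fix (credentials in a mode-0600 temporary option file passed via `--defaults-file`). The `[client]` section and the "defaults-file first" rule are standard MariaDB client behaviour; the tool path and arguments are taken from the ps output above, and the password value is a constructed placeholder.

```python
# Added example for MDEV-8825 (not MariaDB's own code): launch a client tool
# without exposing the password to `ps`. Two fixes from the issue are combined:
# no `sh -c` wrapper (argv list => direct fork+exec) and the password carried in
# a mode-0600 option file referenced via --defaults-file.
import os
import stat
import subprocess
import tempfile

def write_option_file(user: str, password: str) -> str:
    """Create a private option file; mkstemp opens it O_EXCL with mode 0600,
    so the password is never readable by other users, not even briefly."""
    fd, path = tempfile.mkstemp(prefix="mysql_upgrade-")
    with os.fdopen(fd, "w") as f:
        # Standard [client] section read by mysql, mysqlcheck and friends.
        f.write(f"[client]\nuser={user}\npassword={password}\n")
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # re-assert 0600 explicitly
    return path

def build_argv(tool: str, option_file: str, extra_args: list[str]) -> list[str]:
    """argv for the tool; --defaults-file must be the first option."""
    return [tool, f"--defaults-file={option_file}", *extra_args]

def prepare_invocation(tool, user, password, extra_args):
    """Return (argv, option_file_path); caller runs argv, then removes the file."""
    path = write_option_file(user, password)
    return build_argv(tool, path, extra_args), path

def option_file_mode(path: str) -> int:
    return stat.S_IMODE(os.stat(path).st_mode)

def remove_option_file(path: str) -> None:
    os.unlink(path)  # credentials live only as long as the child process

def run_tool(tool, user, password, extra_args) -> int:
    argv, path = prepare_invocation(tool, user, password, extra_args)
    try:
        # No shell=True: a list argv means no intermediate `sh -c '...'`
        # process carrying the full, unmasked command line.
        return subprocess.run(argv, check=False).returncode
    finally:
        remove_option_file(path)

if __name__ == "__main__":
    argv, path = prepare_invocation("/opt/bin/mysqlcheck", "root", "example-password",
                                    ["--check-upgrade", "--auto-repair"])
    print(" ".join(argv))  # what `ps` shows: no password, only the file path
    remove_option_file(path)
```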

          People

            Assignee: serg Sergei Golubchik
            Reporter: lonetwin lonetwin
