[MCOL-968] ProcMon ignores bind address Created: 2017-10-11  Updated: 2020-04-02  Resolved: 2020-04-02

Status: Closed
Project: MariaDB ColumnStore
Component/s: ProcMgr
Affects Version/s: 1.0.11
Fix Version/s: N/A

Type: New Feature Priority: Major
Reporter: Allan Assignee: Todd Stoffel (Inactive)
Resolution: Won't Do Votes: 0
Labels: None
Environment:

Centos 7


 Description   

in the my.conf file

# The MySQL server
 
[mysqld]
 
# Bind to the local address for this machine (thus preventing external connections)
 
bind-address = 192.168.0.53
 
port = 3306


[root@idb2 ~]# netstat -tulpn | grep Proc
 
tcp        0      0 0.0.0.0:8604            0.0.0.0:*               LISTEN      1807/ProcMon        
tcp        0      0 0.0.0.0:8800            0.0.0.0:*               LISTEN      1807/ProcMon
 
[root@idb2 ~]# netstat -tulpn | grep mysql
 
tcp        0      0 192.168.0.53:3306       0.0.0.0:*               LISTEN      3155/mysqld

note how mysql is on internal only but ProcMon is wide open to connection from anywhere

 Comments   
Comment by David Hill (Inactive) [ 2017-10-11 ]

Correct, the ColumnStore Platform software (excluding mysqld) utilizes Columnstore.xml configuration file. There is no internal binding that is done by the ColumnStore Platform software.
This is can be on Amazon using Security Groups and in normal servers though IP routing changes, but its not supported by the ColumnStore Platform software.

Comment by Allan [ 2017-10-11 ]

Perhaps it should for consistency even though there are other ways to do it. If I had not looked I would have assumed that setting the bind address would have propagated to the other pieces of the system. I only discovered the security problem by accident.

Comment by David Hill (Inactive) [ 2017-10-11 ]

Thanks for the feedback... We will leave this open and have it evaluated for possible feature enhancement.

Generated at Thu Feb 08 02:25:10 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.