Details
- Type: Bug
- Status: Confirmed
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: 10.1, 10.0, 5.5
- Fix Version/s: 10.1
- Component/s: Scripts & Clients
- Labels:
- Environment: mysql Ver 15.1 Distrib 10.0.19-MariaDB, for Linux (x86_64) using readline 5.1
Description
Running mysql_upgrade on a server with a large number of databases might take a while. During this time, if any user on the system does a ps axf, the user will see the mysql admin password in plain text:
...
7089 ? S 0:00 | \_ /opt/bin/mysql_upgrade -u root -pxxxxxxxx
7224 ? S 0:00 | \_ sh -c '/opt/bin/mysqlcheck' '--no-defaults' '--user=root' '--password=GiuxphAI' '--user=root' '--check-upgrade'
7225 ? S 0:00 | \_ /opt/bin/mysqlcheck --no-defaults --user=root --password=x xxxxxx --user=root --check-upgrade --auto-repair
...
So, although the mysqlcheck command itself hides the password in the process listing, it leaks because mysql_upgrade shells out to execute the command. A possible fix (although I don't know anything about MariaDB code) is to avoid shelling out and do a fork+exec instead.
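A way to audit a host for the exposure described in this report, as an added example that is not part of the original report or of the MariaDB code base: it parses ps axf-style output and reports client invocations whose password argument is not masked with x characters. The sample listing, its placeholder secret and the function names are constructed for illustration.

```python
import os
import re
import shlex

# Constructed sample shaped like the `ps axf` listing in the report; the
# secret is a placeholder, not a value from the page.
SAMPLE_PS = r"""
 7089 ?  S  0:00  |  \_ /opt/bin/mysql_upgrade -u root -pxxxxxxxx
 7224 ?  S  0:00  |  \_ sh -c '/opt/bin/mysqlcheck' '--no-defaults' '--user=root' '--password=EXAMPLE-SECRET' '--check-upgrade'
 7225 ?  S  0:00  |  \_ /opt/bin/mysqlcheck --no-defaults --user=root --password=x xxxxxx --check-upgrade
 7301 ?  S  0:00  \_ ssh -p2222 backup@host
"""
TREE_ART = re.compile(r"^[ |]*(?:\\_ )?")   # the "|  \_ " forest prefix
CLIENT = ("mysql", "mariadb")               # client program name prefixes (assumed)


def password_value(token):
    """Return the password carried by a client argv token, or None."""
    if token.startswith("--password="):
        return token[len("--password="):]
    if token.startswith("-p") and len(token) > 2:
        return token[2:]
    return None


def is_scrubbed(value):
    # The listing shows the clients overwriting the argument with 'x'; a real
    # password made only of 'x' would be misread as scrubbed (known limitation).
    return set(value) <= {"x"}


def exposed_processes(ps_output):
    """Return (pid, argv0) for client invocations showing an unmasked password."""
    findings = []
    for line in ps_output.splitlines():
        fields = line.split(None, 4)          # PID TTY STAT TIME COMMAND
        if len(fields) < 5 or not fields[0].isdigit():
            continue
        command = TREE_ART.sub("", fields[4])
        try:
            argv = shlex.split(command)       # undoes the quoting added for sh -c
        except ValueError:
            argv = command.split()            # unbalanced quotes: split on spaces
        if not any(os.path.basename(a).startswith(CLIENT) for a in argv):
            continue                          # e.g. ssh -p2222 is not a DB client
        values = [v for v in map(password_value, argv) if v is not None]
        if any(not is_scrubbed(v) for v in values):
            findings.append((int(fields[0]), argv[0]))
    return findings
```

Findings name only the PID and the program, so the audit output never repeats the secret it detected.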
Activity
Thanks for the report.
Same with MySQL 5.6, but MySQL 5.7 does it differently.