Description:
Scanning a server running MySQL Router instance using the "nmap" utility with explicit port numbers will crash the MySQL Router instance if the "nmap" command is run by a non-privileged user.
- If nmap is run without explicit port numbers (i.e. the "-p" option is not used), then the behavior is not observded.
- If nmap is run by a root user, this behavior is not observed.
MySQL router is running on a Red Hat Enterprise Linux 6.10 server running on a VMware host. Nmap version 5.51 (default version for this OS) and version 6.47-1 exhibited this behavior. Nmap version 4.11 (default version for RHEL 5) did not exhibit this behavior.
The output of nmap run by either type of user is "generally" the same. The non-privileged user does not get MAC information.
RUN AS ROOT
-----------
nmap -p3306,6447,64460,64470 XXXXXX.XXX.XXX
Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-23 20:09 GMT
Nmap scan report for XXXXXXXXXXXXXXX (XXX.XXX.XXX.XXX)
Host is up (0.00053s latency).
PORT STATE SERVICE
3306/tcp open mysql
6447/tcp open unknown
64460/tcp open unknown
64470/tcp open unknown
MAC Address: XXXXXXXXXXXX (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
-----------------------------------------------------------------
RUN AS NON-PRIVILEGED USER
--------------------------
nmap -p3306,6447,64460,64470 XXXXXX.XXX.XXX
Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-23 20:11 GMT
Nmap scan report for XXXXXXXXXXXXXXX (XXX.XXX.XXX.XXX)
Host is up (0.00022s latency).
PORT STATE SERVICE
3306/tcp open mysql
6447/tcp open unknown
64460/tcp open unknown
64470/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
-----------------------------------------------------------------
- MySQL Router was bootstrapped against a MySQL (5.7.26 Community edition compiled from source) InnoDB Cluster primary node running on port 4306.
- After bootstrap, I manually modified the READ-WRITE port value from "6446" to "3306".
- The lack of this modification does not change the behavior.
- It does not matter which of the MySQL Router bound ports is scanned, or whether they are scanned individually, or as part of list of ports.
MySQL Router log when nmap is run by non-privileged user using explicit ports
-----------------------------------------------------------------------------
2019-05-21 17:28:16 routing ERROR [7f292ffff700] routing:bpoTestLabCluster_default_rw: getpeername() failed, errno: 107
2019-05-21 17:28:16 main ERROR [7f292ffff700] plugin 'routing:bpoTestLabCluster_default_rw' start failed: routing:bpoTestLabCluster_default_rw: getpeername() failed, errno: 107
2019-05-21 17:28:16 main INFO [7f2935f5c7e0] Shutting down. Stopping all plugins.
2019-05-21 17:28:16 routing INFO [7f2934c61700] [routing:bpoTestLabCluster_default_ro] stopped
2019-05-21 17:28:16 routing INFO [7f292ebfd700] [routing:bpoTestLabCluster_default_x_rw] stopped
2019-05-21 17:28:16 routing INFO [7f292f5fe700] [routing:bpoTestLabCluster_default_x_ro] stopped
2019-05-21 17:28:16 main INFO [7f2935f5c7e0] Deinitializing all plugins.
2019-05-21 17:28:16 main INFO [7f2935f5c7e0] Unloading all plugins.
2019-05-21 17:28:16 main ERROR [7f2935f5c7e0] Error: routing:bpoTestLabCluster_default_rw: getpeername() failed, errno: 107
How to repeat:
1) Install and configure MySQL Router community edition version 8.0.15 or 8.0.16.
2) Start MySQL Router.
3) On a separate RHEL 6 server with the RHEL default nmap package installed, login as a non-privileged user and execute the following, substituting the proper FQDN of the host:
nmap -p6446 <MySQL Router Host>
Suggested fix:
I cannot suggest a fix at this time.
