Bug #11280 Quoting problem in mysqld_multi
Submitted: 13 Jun 2005 9:20 Modified: 4 Sep 2005 3:07
Reporter: Nicolas Baradakis Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:4.1.12 OS:Any (All)
Assigned to: Jim Winstead CPU Architecture:Any

[13 Jun 2005 9:20] Nicolas Baradakis
Description:
I think there is a problem when mysqld_multi builds the command line
which starts or stops an instance of mysqld. If the value of an option
in my.cnf contains a metacharacter of the shell, weird things happen.
For example, a '>' or a '|' in a password raises errors.

http://lists.mysql.com/internals/25874

How to repeat:
Write unsafe characters in the value of an option of the [mysqld#] section.

[mysqld1]
master-user = replication
master-password = '|&;()<>'

Suggested fix:
Putting quotes around options in the command line could be a wise
thing to do in this case.

--- mysql-4.1.13-nightly-20050610.orig/scripts/mysqld_multi.sh  2005-06-10
+16:29:48.000000000 +0200
+++ mysql-4.1.13-nightly-20050610/scripts/mysqld_multi.sh       2005-06-10
+16:44:55.172526848 +0200
@@ -289,8 +289,7 @@
       }
       else
       {
-       $options[$j]=~ s/;/\\;/g;
-       $tmp.= " $options[$j]";
+       $tmp.= " \'$options[$j]\'";
       }
     }
     if ($opt_verbose && $com =~ m/\/safe_mysqld$/ && !$info_sent)
@@ -374,7 +373,7 @@
   $mysqladmin_found= 0 if (!length($mysqladmin));
   $com = "$mysqladmin";
   $tmp = " -u $opt_user";
-  $tmp.= defined($opt_password) ? " -p$opt_password" : "";
+  $tmp.= defined($opt_password) ? " -p\'$opt_password\'" : "";
   $tmp.= $opt_tcp_ip ? " -h 127.0.0.1" : "";
   for ($j = 0; defined($options[$j]); $j++)
   {
[6 Jul 2005 8:39] Geert Vanderkelen
Hi,

Thanks for the report and thanks for the fix! I was able to reproduce and indeed,
putting single quotes there help.
It is not a feature request tough ;)

Goes for all versions of MySQL coming with mysqld_multi.

Thanks again!

Cheers,
Geert
[27 Aug 2005 0:30] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/28920
[31 Aug 2005 17:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/29121
[2 Sep 2005 20:17] Jim Winstead
Fixed in 4.1.15 and 5.0.13.
[4 Sep 2005 3:07] Paul Dubois
Noted in 4.1.15, 5.0.13 changelogs.