Bug #11952 | Client shows passwords passed on command line | ||
---|---|---|---|
Submitted: | 14 Jul 2005 21:29 | Modified: | 3 Aug 2005 21:14 |
Reporter: | Vito Munoz | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Command-line Clients | Severity: | S3 (Non-critical) |
Version: | 4.1.12 | OS: | Solaris (Solaris 9) |
Assigned to: | Bugs System | CPU Architecture: | Any |
[14 Jul 2005 21:29]
Vito Munoz
[14 Jul 2005 22:06]
MySQL Verification Team
I was unable to repeat this issue on Slackware 10.1:

```
mysql> grant all on *.* to 'notsecret'@'localhost' identified by 'nosecret';
Query OK, 0 rows affected (0.08 sec)

mysql> exit
Bye
miguel@hegel:~/dbs/4.1$ bin/mysql -unotsecret -pnosecret
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 4.1.13-debug-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

miguel@hegel:~$ ps -ef | grep mysql
<cut>
miguel 1993 1984 0 13:46 pts/2 00:00:00 libexec/mysqld
miguel 17702 1764 0 18:57 pts/3 00:00:00 bin/mysql -unotsecret -px xxxxxx
miguel 17703 1984 0 18:57 pts/2 00:00:00 libexec/mysqld
miguel 17722 17708 0 18:58 pts/5 00:00:00 grep mysql
```
[14 Jul 2005 22:25]
Timothy Smith
Here is the verification:

```
mysqldev@sunfire100b:~/tsmith/mysql-classic-4.1.13-sun-solaris2.9-sparc> ./bin/mysql -pabcde test -Sdata/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 4.1.13-classic

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>
[3]+ Stopped ./bin/mysql -pabcde test -Sdata/mysql.sock
mysqldev@sunfire100b:~/tsmith/mysql-classic-4.1.13-sun-solaris2.9-sparc> ps -ef|grep sock
mysqldev 11903 11817 0 00:23:33 pts/1 0:00 ./bin/mysql -pabcde test -Sdata/mysql.sock
mysqldev@sunfire100b:~/tsmith/mysql-classic-4.1.13-sun-solaris2.9-sparc>
```
[14 Jul 2005 22:39]
Jim Winstead
This likely depends on which version of 'ps' you run -- the BSDish flavor in /usr/ucb/ps will probably not show the password (it will be x'd out), but the SysVish flavor in /usr/bin will. Some systems provide a setproctitle() to reset the process title, but a quick glance at Solaris man pages suggests that it is not one of them.
[25 Jul 2005 23:30]
Patrick Galbraith
I have debugged the client and seen how it sets the password to all 'x's:

line 849, client.cc:

```
while (*argument) *argument++= 'x'; // Destroy argumen
```

*argument is a pointer to argv, so all that's being done is to write 'x's for each character of the password. For BSD, this 'x's out the value for ps, but on SysV, it doesn't seem to change what ps has access to.

A simple program:

```c
#include <stdio.h>

int main(int argc, char **argv)
{
  char *ptr;
  int argc_bak= argc;

  /* Print the arguments as received. */
  for (; argc > 0; argc--)
    printf("arg %d value %s\n", argc-1, argv[argc-1]);

  /* Overwrite every argument except argv[0] with 'x', in place. */
  argc= argc_bak;
  for (; argc > 0; argc--)
  {
    if (argc-1 > 0)
      for (ptr= argv[argc-1]; *ptr; ptr++)
        *ptr= 'x';
  }

  /* Print the arguments again to show the overwrite in this process. */
  argc= argc_bak;
  for (; argc > 0; argc--)
    printf("arg %d value %s\n", argc-1, argv[argc-1]);

  /* Keep the process alive so that ps can be run against it. */
  while (1) {}
  return(0);
}
```

On Mac OSX (a BSD variant):

```
radha:~/code patg$ ./args aaa bbb ccc
basic arg checking program with 4 args...
arg 3 value ccc
arg 2 value bbb
arg 1 value aaa
arg 0 value ./args
arg 3 value xxx
arg 2 value xxx
arg 1 value xxx
arg 0 value ./args
radha:~/mysql-build/mysql-5.0.clean/client patg$ ps aux|grep args
patg 5404 56.0 0.1 36720 824 p4 R+ 1:21AM 2:07.98 ./args xxx xxx xxx
```

Yet on sunfire280:

```
bash-2.05$ ./args sjsj sjsj lll
basic arg checking program with 4 args...
arg 0 value ./args
arg 1 value sjsj
arg 2 value sjsj
arg 3 value lll
arg 0 value ./args
arg 1 value xxxx
arg 2 value xxxx
arg 3 value xxx
bash-2.05$ ps -ef|grep args
mysqldev 30358 30338 50 00:59:35 pts/1 28:51 ./args sjsj sjsj lll
```

The question is then: can we at all blank out the argv values ps has access to on Sys V?
[26 Jul 2005 0:49]
Patrick Galbraith
This issue cannot be fixed because I've found that Sys V, even if you write over argv, will not overwrite the entry in the processlist. The processlist is stored in /proc:

```
bash-2.05$ ps -ef|grep args
mysqldev 30462 30450 50 02:09:49 pts/1 36:24 ./args sjsj sjsj lll
mysqldev 89203 30377 0 02:46:20 pts/2 0:00 grep args
bash-2.05$ cat /proc/30462/psinfo
v˛vÚv˛vÚff»`?π BÂ_L*{'8Cargs./args sjsj sjsj lllˇø˙ˇø˙∞≠Oc2?πBÂ_8CTSˇˇˇˇˇˇˇˇbash-2.05$
```

From what I can tell from everything I've examined, this is added prior to the program running and argv being changed.

I found this link informational: http://www.erlenstar.demon.co.uk/unix/faq_2.html#SEC17

So, my suggestion is that if you are running SysV-based UNIX, don't use -ppassword, and this should be documented.
[3 Aug 2005 21:14]
Mike Hillyer
I have added a note to the documentation that the password should not be specified on the command-line for SysV-based UNIX systems.
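
An added example, not part of the original report and not MySQL code: a C check an administrator could run over the argument strings from `ps -e -o args` to flag mysql client processes whose password is still readable, as in the Solaris listings above. The function names, the restriction to a program named `mysql`, and the rule that an all-'x' value counts as already masked are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* 1 if s is non-empty and all 'x', i.e. masked the way the client
 * overwrites argv. A real password made only of 'x' would be missed. */
static int is_masked(const char *s) {
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (*s != 'x') return 0;
    return 1;
}

/* args: one process's argument string, as printed by `ps -e -o args`.
 * Returns 1 if it is a mysql client whose -p<value> or --password=<value>
 * is readable, 0 otherwise. The value itself is never returned or printed.
 * A bare -p or --password (prompt for the password) is not flagged. */
int password_exposed(const char *args) {
    char buf[1024];
    strncpy(buf, args, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';

    char *tok = strtok(buf, " \t\n");
    if (!tok) return 0;
    const char *base = strrchr(tok, '/');
    base = base ? base + 1 : tok;
    if (strcmp(base, "mysql") != 0) return 0;  /* only the mysql client */

    while ((tok = strtok(NULL, " \t\n")) != NULL) {
        const char *val = NULL;
        if (strncmp(tok, "--password=", 11) == 0) val = tok + 11;
        else if (strncmp(tok, "-p", 2) == 0) val = tok + 2;
        if (val && *val && !is_masked(val)) return 1;
    }
    return 0;
}

int main(void) {
    /* Argument strings copied from the ps listings in this report. */
    const char *samples[] = {
        "./bin/mysql -pabcde test -Sdata/mysql.sock",
        "bin/mysql -unotsecret -px xxxxxx",
        "libexec/mysqld",
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("sample %zu: %s\n", i,
               password_exposed(samples[i]) ? "EXPOSED" : "ok");
    return 0;
}
```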