Bug #164 mysqladmin processlist shows wrong hostname in MySQL 4.0.12
Submitted: 19 Mar 2003 5:18 Modified: 19 Mar 2003 6:12
Reporter: Peter Zaitsev (Basic Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:4.0 OS:Any
Assigned to: CPU Architecture:Any

[19 Mar 2003 5:18] Peter Zaitsev
Description:
Wrong host is displayed in "mysqladmin processlist" it seems to be host MySQL is running, not the one user is connected from.

This is minor security issue as it allows intruder connected from untrusted host to be invisible using "mysqladmin processlist"

How to repeat:
Connect using host different than localhost:
(Connect to the real host)
pz@abyss:~/mysql> mysql -habyss
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 4.0.12-debug

Now run processlist:

pz@abyss:~> mysqladmin processlist
+----+------+-----------------+----+---------+------+-------+------------------+
| Id | User | Host            | db | Command | Time | State | Info             |
+----+------+-----------------+----+---------+------+-------+------------------+
| 2  | pz   | localhost:34150 |    | Sleep   | 14   |       |                  |
| 3  | pz   | localhost       |    | Query   | 0    |       | show processlist |
+----+------+-----------------+----+---------+------+-------+------------------+

I've checked connecting over network host "localhost" is still displayed.
[19 Mar 2003 6:12] Sinisa Milivojevic
=== sql_show.cc 1.102 vs edited =====
*** /tmp/sql_show.cc-1.102-30554        Fri Feb 28 21:17:38 2003
--- edited/sql_show.cc  Wed Mar 19 15:49:11 2003
***************
*** 1064,1073 ****
        {
          if ((thd_info->host= thd->alloc(LIST_PROCESS_HOST_LEN+1)))
            my_snprintf((char *) thd_info->host, LIST_PROCESS_HOST_LEN,
!                       "%s:%u", thd->host_or_ip, tmp->peer_port);
        }
        else
!         thd_info->host= thd->strdup(thd->host_or_ip);
          if ((thd_info->db=tmp->db))             // Safe test
            thd_info->db=thd->strdup(thd_info->db);
          thd_info->command=(int) tmp->command;
--- 1064,1073 ----
        {
          if ((thd_info->host= thd->alloc(LIST_PROCESS_HOST_LEN+1)))
            my_snprintf((char *) thd_info->host, LIST_PROCESS_HOST_LEN,
!                       "%s:%u", tmp->host_or_ip, tmp->peer_port);
        }
        else
!         thd_info->host= thd->strdup(tmp->host_or_ip);
          if ((thd_info->db=tmp->db))             // Safe test
            thd_info->db=thd->strdup(thd_info->db);
          thd_info->command=(int) tmp->command;