Bug #6343 | Passwords on commandline can be read via /proc/<pid>/cmdline | ||
---|---|---|---|
Submitted: | 31 Oct 2004 11:26 | Modified: | 2 Nov 2004 2:54 |
Reporter: | Christian Hammers (Silver Quality Contributor) (OCA) | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Command-line Clients | Severity: | S4 (Feature request) |
Version: | all | OS: | Any (all) |
Assigned to: | CPU Architecture: | Any |
[31 Oct 2004 11:26]
Christian Hammers
[2 Nov 2004 2:54]
Matthew Lord
Hi, Thank you for your bug report! This is documented behavior so I changed the severity to feature request. This is something to be debated. Thanks again! http://dev.mysql.com/doc/mysql/en/Password_security.html " Use a -pyour_pass or --password=your_pass option on the command line. For example: shell> mysql -u francis -pfrank db_name This is convenient but insecure, because your password becomes visible to system status programs such as ps that may be invoked by other users to display command lines. MySQL clients typically overwrite the command-line password argument with zeros during their initialization sequence, but there is still a brief interval during which the value is visible. Use a -p or --password option with no password value specified. In this case, the client program solicits the password from the terminal: shell> mysql -u francis -p db_name Enter password: ******** The `*' characters indicate where you enter your password. The password is not displayed as you enter it. It is more secure to enter your password this way than to specify it on the command line because it is not visible to other users. However, this method of entering a password is suitable only for programs that you run interactively. If you want to invoke a client from a script that runs non-interactively, there is no opportunity to enter the password from the terminal. On some systems, you may even find that the first line of your script is read and interpreted (incorrectly) as your password!"
[2 Nov 2004 23:07]
Christian Hammers
warn-CLI-passwords.diff
Attachment: warn-CLI-passwords.diff (text/plain), 19.09 KiB.
[2 Nov 2004 23:09]
Christian Hammers
Hello I added a patch for 4.0.22 that at least adds warnings to the manpages and --help output of all relevant client binaries and scripts I found. bye, -christian-
[15 Nov 2004 3:28]
[ name withheld ]
This is a design error, not a programming error. It's no way a feature request, as the consequences can be severe. If you disagree, please disprove that: (1) The status quo leads substantial percentage of the MySQL users giving out their credentials to other users on the system (2) There are many systems where this actually matters, as these systems use the traditional UNIX security model, are multiuser, and the users don't necessarily trust each other (3) The users specifying the password on the commandline currently would stop doing this if they learnt this means they're giving their credentials away, or would find another way of securing the session. Documenting this behaviour solves: (4) This is an unexpected behaviour, the users are lured into expecting a security and confidentiality, whilst there is none. False security is far worse than no security. -- Jan Minar <jjminar at fastmail fm>