Bug #9833 mysqld allows running as root when user does not exist
Submitted: 12 Apr 2005 1:52 Modified: 26 Apr 2005 0:58
Reporter: Lachlan Mulcahy Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:4.1.11 OS:Any (Any)
Assigned to: Jim Winstead CPU Architecture:Any

[12 Apr 2005 1:52] Lachlan Mulcahy
Description:
Running mysqld as a user that doesn't exist causes mysqld to fallback to running as the current user, even if that current user is root. A fatal error is reported in the error log, however the server still keeps running.

This seems inconsistent with the fatal error that is given when you try to run mysqld as the root user without specifying a --user option. This situation reports a fatal error and does not allow the server to run.

How to repeat:
Run as root, "mysqld --user=<any user name that does not exist>".
Run as root, "mysqld".

Compare behaviour.

Suggested fix:
In my personal opinion a failure to change to the requested user should be treated as equally fatal as running directly as root, even if the current user it falls back to is a non-privileged user, it allows any users that may connect to the server with FILE privileges access to write to unintended locations, etc.

At a minimum the server should be stopped immediately if unable to change user and the user the server would fall back to is root, though stopping regardless is preferable in my eyes.
[13 Apr 2005 22:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/23996
[25 Apr 2005 22:52] Jim Winstead
Fixed in 4.1.12 and 5.0.5.
[26 Apr 2005 0:58] Paul DuBois
Noted in 4.1.12, 5.0.5 changelogs.