diff --recursive -u mysql-dfsg-4.0.22.original/client/mysqladmin.c mysql-dfsg-4.0.22/client/mysqladmin.c
--- mysql-dfsg-4.0.22.original/client/mysqladmin.c 2004-10-28 02:48:34.000000000 +0200
+++ mysql-dfsg-4.0.22/client/mysqladmin.c 2004-11-02 23:39:30.000000000 +0100
@@ -127,7 +127,7 @@
 {"host", 'h', "Connect to host", (gptr*) &host, (gptr*) &host, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, {"password", 'p',
- "Password to use when connecting to server. If password is not given it's asked from the tty.",
+ "Password to use when connecting to server. If password is not given it's asked from the tty. WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.",
 0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0}, #ifdef __WIN__ {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
diff --recursive -u mysql-dfsg-4.0.22.original/client/mysql.cc mysql-dfsg-4.0.22/client/mysql.cc
--- mysql-dfsg-4.0.22.original/client/mysql.cc 2004-10-28 02:48:36.000000000 +0200
+++ mysql-dfsg-4.0.22/client/mysql.cc 2004-11-02 23:32:42.000000000 +0100
@@ -524,7 +524,7 @@
 0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0}, #endif {"password", 'p',
- "Password to use when connecting to server. If password is not given it's asked from the tty.",
+ "Password to use when connecting to server. If password is not given it's asked from the tty. WARNING: This is insecure as the password is visible for anyone through /proc for a short time.",
 0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0}, #ifdef __WIN__ {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
diff --recursive -u mysql-dfsg-4.0.22.original/client/mysqldump.c mysql-dfsg-4.0.22/client/mysqldump.c
--- mysql-dfsg-4.0.22.original/client/mysqldump.c 2004-10-28 02:48:38.000000000 +0200
+++ mysql-dfsg-4.0.22/client/mysqldump.c 2004-11-02 23:43:19.000000000 +0100
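Review bot: The warning added to the `password` option help covers only `-p`/`--password`, while the man/mysqladmin.1.in hunks of this same patch also mark the `password new-password` command as `(INSECURE)`. This is the only mysqladmin.c hunk in the patch, so `mysqladmin --help` will warn about one exposure and stay silent about the other. The help text for that command is outside the hunk; I would append the same sentence there, `WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.`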
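Review bot: In the new mysql.cc help string, `WARNING: This is insecure ...` comes directly after `If password is not given it's asked from the tty.`, so `This` reads as if the tty prompt were the insecure path, the opposite of what is meant. The mysqladmin.c, mysqldump.c and mysqlshow.c hunks name the subject explicitly, and the same wording here would keep `--help` output consistent: `WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.` The same ambiguous sentence is added in the man/mysql.1.in hunk. The option table continues outside the hunk.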
@@ -198,7 +198,7 @@
 "Same as --add-drop-table --add-locks --all --quick --extended-insert --lock-tables --disable-keys", 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, {"password", 'p',
- "Password to use when connecting to server. If password is not given it's solicited on the tty.",
+ "Password to use when connecting to server. If password is not given it's solicited on the tty. WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.",
 0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0}, #ifdef __WIN__ {"pipe", 'W', "Use named pipes to connect to server", 0, 0, 0, GET_NO_ARG,
diff --recursive -u mysql-dfsg-4.0.22.original/client/mysqlshow.c mysql-dfsg-4.0.22/client/mysqlshow.c
--- mysql-dfsg-4.0.22.original/client/mysqlshow.c 2004-10-28 02:48:34.000000000 +0200
+++ mysql-dfsg-4.0.22/client/mysqlshow.c 2004-11-02 23:44:24.000000000 +0100
@@ -156,7 +156,7 @@
 {"keys", 'k', "Show keys for table", (gptr*) &opt_show_keys, (gptr*) &opt_show_keys, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, {"password", 'p',
- "Password to use when connecting to server. If password is not given it's asked from the tty.",
+ "Password to use when connecting to server. If password is not given it's asked from the tty. WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.",
 0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0}, {"port", 'P', "Port number to use for connection.", (gptr*) &opt_mysql_port, (gptr*) &opt_mysql_port, 0, GET_UINT, REQUIRED_ARG, MYSQL_PORT, 0, 0, 0, 0,
diff --recursive -u mysql-dfsg-4.0.22.original/debian/additions/mysql_tableinfo.1 mysql-dfsg-4.0.22/debian/additions/mysql_tableinfo.1
--- mysql-dfsg-4.0.22.original/debian/additions/mysql_tableinfo.1 2004-11-02 23:11:38.000000000 +0100
+++ mysql-dfsg-4.0.22/debian/additions/mysql_tableinfo.1 2004-11-03 00:02:39.000000000 +0100
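Review bot: The warning on the new mysqldump.c `password` help line says what is unsafe but not what to do instead, and it names only the Linux-specific /proc path although the same argument list is what process listings show. The safe paths are already at hand: the help text itself says an omitted value is asked for on the tty. I would close the string with the remedy, e.g. `... visible to other local users (ps, /proc) for a short time. Omit the value to be prompted on the tty, or set it in an option file.` The `for a short time` part presumably relies on the client overwriting the argument after option parsing, which is outside this hunk. The same string is added in the mysqladmin.c, mysql.cc and mysqlshow.c hunks.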
@@ -289,9 +289,10 @@
 .IX Item "-u, --user=#" user for database login if not current user. Give a user who has sufficient privileges (\s-1CREATE\s0, ...).
-.IP "\-p, \-\-password=#" 4
-.IX Item "-p, --password=#"
-password to use when connecting to server
+.IP "\-p, \-\-password=# (INSECURE)" 4
+.IX Item "-p, --password=# (INSECURE)"
+password to use when connecting to server.
+WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.
 .IP "\-h, \-\-host=#" 4 .IX Item "-h, --host=#" host to connect to
diff --recursive -u mysql-dfsg-4.0.22.original/man/mysql.1.in mysql-dfsg-4.0.22/man/mysql.1.in
--- mysql-dfsg-4.0.22.original/man/mysql.1.in 2004-10-28 02:48:38.000000000 +0200
+++ mysql-dfsg-4.0.22/man/mysql.1.in 2004-11-02 23:34:07.000000000 +0100
@@ -17,7 +17,7 @@
 .IR hostname ] .RB [ \-n | \-\-unbuffered ] .RB [ \-p[pwd] ]
-.RI [ \-\-password=[pwd] ]
+.RI [ \-\-password=[pwd]\ (INSECURE) ]
 .RB [ \-P | \-\-port= .IR pnum ] .RB [ \-q | \-\-quick ]
@@ -70,6 +70,7 @@
 \fB\-p\fP|\fB\-\-password\fP[\fB=\fP\fIpwd\fP] Employ the specified password when connecting to the database server. If a password is not supplied, it will be requested interactively.
+WARNING: This is insecure as the password is visible for anyone through /proc for a short time.
 .TP \fB\-P\fR|\fB\-\-port=\fP\fIpnum\fP Employ the specified port number for connecting to the database server.
diff --recursive -u mysql-dfsg-4.0.22.original/man/mysqlaccess.1.in mysql-dfsg-4.0.22/man/mysqlaccess.1.in
--- mysql-dfsg-4.0.22.original/man/mysqlaccess.1.in 2004-10-28 02:48:42.000000000 +0200
+++ mysql-dfsg-4.0.22/man/mysqlaccess.1.in 2004-11-02 23:58:51.000000000 +0100
@@ -7,11 +7,11 @@
 .B mysqlaccess .RB [ \-? | \-\-help ] .RB [ \-v | \-\-version ]
-.RB [ \-p | \-\-password=# ]
+.RB [ \-p | \-\-password=#\ (INSECURE) ]
 .RB [ \-h | \-\-host=# ] .RB [ \-d | \-\-db=# ] .RB [ \-U | \-\-superuser=# ]
-.RB [ \-P | \-\-spassword=# ]
+.RB [ \-P | \-\-spassword=#\ (INSECURE) ]
 .RB [ \-H | \-\-rhost=# ] .RB [ \-\-old_server ] .RB [ \-b | \-\-brief ]
@@ -36,7 +36,7 @@
 username for logging in to the db .TP .BR \-p | \-\-password=#
-validate password for user
+validate password for user. WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.
 .TP .BR \-h | \-\-host=# name or IP\-number of the host
@@ -48,7 +48,8 @@
 connect as superuser .TP .BR \-P | \-\-spassword=#
-password for superuser
+password for superuser. WARNING: Providing a password on command line is insecure as it is visible through /proc to
+anyone for a short time.
 .TP .BR \-H | \-\-rhost=# remote MySQL\-server to connect to
diff --recursive -u mysql-dfsg-4.0.22.original/man/mysqladmin.1.in mysql-dfsg-4.0.22/man/mysqladmin.1.in
--- mysql-dfsg-4.0.22.original/man/mysqladmin.1.in 2004-10-28 02:48:37.000000000 +0200
+++ mysql-dfsg-4.0.22/man/mysqladmin.1.in 2004-11-02 23:39:01.000000000 +0100
@@ -11,7 +11,7 @@
 .RB [ \-C | \-\-compress ] .RB [ \-h | \-\-host=[#] ] .RB [ \-p[pwd] ]
-.RI [ \-\-password=[pwd] ]
+.RI [ \-\-password=[pwd]\ (INSECURE) ]
 .RB [ \-P | \-\-port= .IR pnum ] .RB [ \-i | \-\-sleep=
@@ -56,7 +56,8 @@
 .TP \fB\-p\fP|\fB\-\-password\fP[\fB=\fP\fIpwd\fP] Password to use when connecting to server
-If password is not given it's asked from the tty
+If password is not given it's asked from the tty.
+WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.
 .TP \fB\-P\fR|\fB\-\-port=\fP\fIpnum\fP Port number to use for connection
@@ -106,7 +107,7 @@
 .RB [ flush-tables ] .RB [ flush-privileges ] .RB [ " kill id,id,... " ]
-.RB [ "password \fP\fInew-password\fP "]
+.RB [ "password \fP\fInew-password\fP "\ (INSECURE)]
 .RB [ ping ] .RB [ processlist ] .RB [ reload ]
@@ -152,7 +153,8 @@
 Kill mysql threads .TP .BR "password \fP\fInew-password\fP"
-Change old password to new-password
+Change old password to new-password.
+WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.
 .TP .BR ping Check if mysqld is alive
diff --recursive -u mysql-dfsg-4.0.22.original/man/mysqld_multi.1.in mysql-dfsg-4.0.22/man/mysqld_multi.1.in
--- mysql-dfsg-4.0.22.original/man/mysqld_multi.1.in 2004-10-28 02:48:39.000000000 +0200
+++ mysql-dfsg-4.0.22/man/mysqld_multi.1.in 2004-11-03 00:03:19.000000000 +0100
@@ -12,7 +12,7 @@
 .RB [ --mysqladmin=... ] .RB [ --mysqld=... ] .RB [ --no-log ]
-.RB [ --password=... ]
+.RB [ --password=...\ (INSECURE) ]
 .RB [ --tcp-ip ] .RB [ --user=... ] .RB [ --version ]
@@ -43,6 +43,7 @@
 .TP .BR --password=... Password for user for mysqladmin.
+WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.
 .TP .BR --tcp-ip Connect to the MySQL server(s) via the TCP/IP port instead of the UNIX socket. This affects stopping and reporting. If a socket file is missing, the server may still be running, but can be accessed only via the TCP/IP port. By default connecting is done via the UNIX socket.
diff --recursive -u mysql-dfsg-4.0.22.original/man/mysqldump.1.in mysql-dfsg-4.0.22/man/mysqldump.1.in
--- mysql-dfsg-4.0.22.original/man/mysqldump.1.in 2004-11-02 23:11:38.000000000 +0100
+++ mysql-dfsg-4.0.22/man/mysqldump.1.in 2004-11-02 23:41:41.000000000 +0100
@@ -36,7 +36,7 @@
 .RB [ \-d | \-\-no\-data ] .RB [ \-O | \-\-set\-variable var=\fP\fIoption\fP ] .RB [ \-\-opt ]
-.RB [ \-p | \-\-password\fP\fI[=...]\fP ]
+.RB [ \-p | \-\-password\fP\fI[=...\ (INSECURE)]\fP ]
 .RB [ \-P | \-\-port=... ] .RB [ \-q | \-\-quick ] .RB [ \-Q | \-\-quote\-names ]
@@ -149,6 +149,7 @@
 .BR \-p | \-\-password[=...] Password to use when connecting to server. If password is not given it's solicited on the tty.
+WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.
 .TP .BR \-P | \-\-port=... Port number to use for connection.
diff --recursive -u mysql-dfsg-4.0.22.original/man/mysql_fix_privilege_tables.1.in mysql-dfsg-4.0.22/man/mysql_fix_privilege_tables.1.in
--- mysql-dfsg-4.0.22.original/man/mysql_fix_privilege_tables.1.in 2004-10-28 02:48:40.000000000 +0200
+++ mysql-dfsg-4.0.22/man/mysql_fix_privilege_tables.1.in 2004-11-02 23:45:20.000000000 +0100
@@ -1,8 +1,8 @@
-.TH mysql 1 "17 March 2003" "MySQL @MYSQL_BASE_VERSION@" "MySQL database"
+.TH mysql 1 "02 November 2004" "MySQL @MYSQL_BASE_VERSION@" "MySQL database"
 .SH NAME mysql_fix_privilege_tables \- Fixes MySQL privilege tables. .SH SYNOPSIS
-mysql_fix_privilege_tables [mysql_root_password]
+mysql_fix_privilege_tables [mysql_root_password\ (INSECURE)]
 .SH DESCRIPTION This scripts updates the mysql.user, mysql.db, mysql.host and the mysql.func tables to MySQL 3.22.14 and above.
@@ -12,6 +12,7 @@
 If you get 'Access denied' errors, run the script again and give the MySQL root user password as an argument.
+WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.
 .SH "SEE ALSO" isamchk(1),
diff --recursive -u mysql-dfsg-4.0.22.original/man/mysqlshow.1.in mysql-dfsg-4.0.22/man/mysqlshow.1.in
--- mysql-dfsg-4.0.22.original/man/mysqlshow.1.in 2004-10-28 02:48:34.000000000 +0200
+++ mysql-dfsg-4.0.22/man/mysqlshow.1.in 2004-11-02 23:43:56.000000000 +0100
@@ -13,7 +13,7 @@
 .RB [ \-h | \-\-host=... ] .RB [ \-i | \-\-status ] .RB [ \-k | \-\-keys ]
-.RB [ \-p | \-\-password\fP\fI[=...]\fP ]
+.RB [ \-p | \-\-password\fP\fI[=...\ (INSECURE)]\fP ]
 .RB [ \-P | \-\-port=... ] .RB [ \-S | \-\-socket=... ] .RB [ \-u | \-\-user=# ]
@@ -44,6 +44,7 @@
 .BR \-p | \-\-password \fP\fI[=...] \fP password to use when connecting to server If password is not given it's asked from the tty.
+WARNING: Providing a password on command line is insecure as it is visible through /proc to anyone for a short time.
 .TP .BR \-P | \-\-port=... Port number to use for connection
diff --recursive -u mysql-dfsg-4.0.22.original/scripts/mysqlaccess.sh mysql-dfsg-4.0.22/scripts/mysqlaccess.sh
--- mysql-dfsg-4.0.22.original/scripts/mysqlaccess.sh 2004-10-28 02:48:35.000000000 +0200
+++ mysql-dfsg-4.0.22/scripts/mysqlaccess.sh 2004-11-02 23:38:03.000000000 +0100
@@ -75,11 +75,17 @@
 -u, --user=# username for logging in to the db -p, --password=# validate password for user
+ WARNING: Providing a password on command line is
+ insecure as it is visible through /proc to anyone
+ for a short time.
 -h, --host=# name or IP-number of the host -d, --db=# name of the database -U, --superuser=# connect as superuser -P, --spassword=# password for superuser
+ WARNING: Providing a password on command line is
+ insecure as it is visible through /proc to anyone
+ for a short time.
 -H, --rhost=# remote MySQL-server to connect to --old_server connect to old MySQL-server (before v3.21) which does not yet know how to handle full where clauses.
diff --recursive -u mysql-dfsg-4.0.22.original/scripts/mysql_convert_table_format.sh mysql-dfsg-4.0.22/scripts/mysql_convert_table_format.sh
--- mysql-dfsg-4.0.22.original/scripts/mysql_convert_table_format.sh 2004-10-28 02:48:38.000000000 +0200
+++ mysql-dfsg-4.0.22/scripts/mysql_convert_table_format.sh 2004-11-02 23:49:21.000000000 +0100
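Review bot: The phrase `for a short time` in the usage text added to mysqlaccess.sh is taken over from the compiled clients, but nothing in this hunk shows the script overwriting its own argument list, and an interpreted script normally keeps its arguments visible for as long as it runs. If that holds here, the wording understates the exposure for both `--password` and `--spassword`; I would replace the last added line `for a short time.` with `while the program is running.` in both places. The same wording is added to the usage text in the mysql_convert_table_format.sh, mysqld_multi.sh, mysql_explain_log.sh, mysqlhotcopy.sh, mysql_setpermission.sh and mysql_tableinfo.sh hunks. The usage text starts and ends outside the hunk.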
@@ -107,6 +107,8 @@
 --password='password' Password for the current user.
+ WARNING: Providing a password on command line is insecure as it is visible
+ through /proc to anyone for a short time.
 --port=port TCP/IP port to connect to if host is not "localhost".
diff --recursive -u mysql-dfsg-4.0.22.original/scripts/mysqld_multi.sh mysql-dfsg-4.0.22/scripts/mysqld_multi.sh
--- mysql-dfsg-4.0.22.original/scripts/mysqld_multi.sh 2004-10-28 02:48:41.000000000 +0200
+++ mysql-dfsg-4.0.22/scripts/mysqld_multi.sh 2004-11-02 23:41:03.000000000 +0100
@@ -678,6 +678,9 @@
 --no-log Print to stdout instead of the log file. By default the log file is turned on. --password=... Password for user for mysqladmin.
+ WARNING: Providing a password on command line is
+ insecure as it is visible through /proc to anyone
+ for a short time.
 --tcp-ip Connect to the MySQL server(s) via the TCP/IP port instead of the UNIX socket. This affects stopping and reporting. If a socket file is missing, the server may still be
diff --recursive -u mysql-dfsg-4.0.22.original/scripts/mysql_explain_log.sh mysql-dfsg-4.0.22/scripts/mysql_explain_log.sh
--- mysql-dfsg-4.0.22.original/scripts/mysql_explain_log.sh 2004-10-28 02:48:34.000000000 +0200
+++ mysql-dfsg-4.0.22/scripts/mysql_explain_log.sh 2004-11-02 23:52:16.000000000 +0100
@@ -314,6 +314,9 @@
 --user=USERNAME db-user -u=USERNAME --password=PASSWORD password of db-user
+ WARNING: Providing a password on command line is
+ insecure as it is visible through /proc to anyone
+ for a short time.
 -p=PASSWORD --socket=SOCKET mysqld socket file to connect -s=SOCKET
@@ -348,7 +351,7 @@
 =head1 USAGE
-explain_log.pl [--date=YYMMDD] --host=dbhost] [--user=dbuser] [--password=dbpw] [--socket=/path/to/socket] < logfile
+explain_log.pl [--date=YYMMDD] --host=dbhost] [--user=dbuser] [--password=dbpw (INSECURE)] [--socket=/path/to/socket] < logfile
 --date=YYMMDD select only entrys of date
@@ -363,7 +366,8 @@
 -u=USERNAME --password=PASSWORD password of db-user
-
+ WARNING: Providing a password on command line is insecure
+ as it is visible through /proc to anyone for a short time.
 -p=PASSWORD --socket=SOCKET change path to the socket
diff --recursive -u mysql-dfsg-4.0.22.original/scripts/mysql_fix_privilege_tables.sh mysql-dfsg-4.0.22/scripts/mysql_fix_privilege_tables.sh
--- mysql-dfsg-4.0.22.original/scripts/mysql_fix_privilege_tables.sh 2004-10-28 02:48:42.000000000 +0200
+++ mysql-dfsg-4.0.22/scripts/mysql_fix_privilege_tables.sh 2004-11-02 23:59:43.000000000 +0100
@@ -31,6 +31,10 @@
 # --user= # --password= # --database=
+#
+# WARNING: Providing a password on command line is insecure as it is visible
+# through /proc to anyone for a short time.
+#
 root_password="" host="localhost"
diff --recursive -u mysql-dfsg-4.0.22.original/scripts/mysqlhotcopy.sh mysql-dfsg-4.0.22/scripts/mysqlhotcopy.sh
--- mysql-dfsg-4.0.22.original/scripts/mysqlhotcopy.sh 2004-10-28 02:48:42.000000000 +0200
+++ mysql-dfsg-4.0.22/scripts/mysqlhotcopy.sh 2004-11-02 23:51:01.000000000 +0100
@@ -32,6 +32,7 @@
 mysqlhotcopy --method='scp -Bq -i /usr/home/foo/.ssh/identity' --user=root --password=secretpassword \ db_1./^nice_table/ user@some.system.dom:~/path/to/new_directory
+ (INSECURE)
 WARNING: THIS PROGRAM IS STILL IN BETA. Comments/patches welcome.
@@ -53,6 +54,9 @@
 -u, --user=# user for database login if not current user -p, --password=# password to use when connecting to server (if not set in my.cnf, which is recommended)
+ WARNING: Providing a password on command line is
+ insecure as it is visible through /proc to anyone
+ for a short time.
 -h, --host=# Hostname for local server when connecting over TCP/IP -P, --port=# port to use when connecting to local server with TCP/IP -S, --socket=# socket to use when connecting to local server
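Review bot: In the second documentation block of mysql_explain_log.sh, `-p=PASSWORD` now follows the warning with no blank line, because the separator that stood after `password of db-user` is removed and not put back below the two added lines. This part of the file looks like POD (the preceding hunk touches `=head1 USAGE`), where blank lines delimit paragraphs. Depending on the indentation, which cannot be recovered from this page, the short option may be rendered as the tail of the warning sentence. I would keep one empty line after `as it is visible through /proc to anyone for a short time.` so the option entry stays separate.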
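Review bot: The bare `(INSECURE)` line added under the mysqlhotcopy.sh example does not say what is insecure, and the example above it still shows `--password=secretpassword` on the command line. A reader who copies the synopsis gets the exposed form anyway, and the label can be taken for part of the command's arguments. The option help changed in the next hunk of this file already calls setting the password in my.cnf the recommended way. I would either drop `--password=secretpassword` from the example or spell the label out, e.g. `(INSECURE: --password on the command line is visible to other users)`.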
@@ -1003,6 +1007,9 @@
 one of the config files, normally /etc/my.cnf or your personal ~/.my.cnf. (See the chapter 'my.cnf Option Files' in the manual)
+WARNING: Providing a password on command line is insecure as it is visible
+through /proc to anyone for a short time.
+
 =item -h, -h, --host=# Hostname for local server when connecting over TCP/IP. By specifying this
diff --recursive -u mysql-dfsg-4.0.22.original/scripts/mysql_setpermission.sh mysql-dfsg-4.0.22/scripts/mysql_setpermission.sh
--- mysql-dfsg-4.0.22.original/scripts/mysql_setpermission.sh 2004-10-28 02:48:34.000000000 +0200
+++ mysql-dfsg-4.0.22/scripts/mysql_setpermission.sh 2004-11-02 23:47:37.000000000 +0100
@@ -647,6 +647,9 @@
 --user : is the username to connect with. --password : the password of the username.
+ WARNING: Providing a password on command line is
+ insecure as it is visible through /proc to anyone
+ for a short time.
 --host : the host to connect to. --socket : the socket to connect to. --port : the port number of the host to connect to.
diff --recursive -u mysql-dfsg-4.0.22.original/scripts/mysql_tableinfo.sh mysql-dfsg-4.0.22/scripts/mysql_tableinfo.sh
--- mysql-dfsg-4.0.22.original/scripts/mysql_tableinfo.sh 2004-10-28 02:48:35.000000000 +0200
+++ mysql-dfsg-4.0.22/scripts/mysql_tableinfo.sh 2004-11-02 23:53:14.000000000 +0100
@@ -441,6 +441,8 @@
 =item -p, --password=# password to use when connecting to server
+WARNING: Providing a password on command line is insecure as it is visible
+through /proc to anyone for a short time.
 =item -h, --host=#