Site Navigation
Disclaimer
The views or opinions expressed on this blog are my own and do not necessarily reflect the views or opinions of Oracle Corporation. The views or opinions expressed by visitors on this blog are theirs solely and may not reflect mine.
Categories
Syndicate This Blog
Tuesday, June 2. 2009
Basic MySQL Security: Providing passwords on the command line
Reading through the comments in Ronald's second post about More Basic MySQL Security, I noticed that there seems to be a misunderstanding about the implications of providing passwords to the mysql command line client via the "-p" option:
What’s more insecure is passing password as an argument to MySQL, like you’ve written (-p[password]), since that can really be seen by anyone.
While Linux security is often considered good, an astonishing weakness is “ps aux”, where every user can see every process running. Therefore, even user “games” can see that user root is running “mysql -pmypassword”. I find this a much higher risk than putting the MySQL’s root password in file, where a user need to gain access to machine’s “root”
Well, this isn't actually the case! Try it for yourself and start the MySQL command line client by providing a users's password via the "-p" option:
$ mysql -u root -p<somepassword> Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5 Server version: 5.1.34 SUSE MySQL RPM Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. root@localhost:(none) >Now, open a second shell and check the process list:
$ ps aux | grep "mysql -u" lenz 19357 0.0 0.0 7868 2884 pts/4 S+ 12:30 0:00 mysql -u root -px xxxxxAs you can see, the password has been obfuscated by replacing the password with "x" characters. This action is performed by the mysql client after parsing the -p option — let's take a look at the sources:
case 'p':
if (argument == disabled_my_option)
argument= (char*) ""; // Don't require password
if (argument)
{
char *start= argument;
my_free(opt_password, MYF(MY_ALLOW_ZERO_PTR));
opt_password= my_strdup(argument, MYF(MY_FAE));
while (*argument) *argument++= 'x'; // Destroy argument
if (*start)
start[1]=0 ;
tty_password= 0;
}
In theory, there is a very short window in which the password can be seen in plaintext (after the mysql process has started up until it has performed the obfuscation), but capturing this information takes really good timing.
But it's of course true that this information also gets stored in the user's shell history file, e.g. ~/.bash_history, where it potentially could be seen by other users, if the file permissions are not set up correctly. So always make sure that you entire home directory (or at least the history file) are protected against being read by other users (using chmod/chown appropriately)!
Quicksearch
Calendar
|
February '12 | |||||
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | ||||
My last post about Basic MySQL Security generated a number of interesting comments, thanks for all your feedback! I'd like to address a few points that were mentioned there: While the problem seems to be a non-issue on Linux, Keith Murphy stated that the
Tracked: Jun 03, 22:45
Tracked: Jun 05, 18:49
Tracked: Jun 05, 22:32
Tracked: Jun 08, 09:28