Bug 85971

Summary: possible root exploit in mysqld startup
Product: [Retired] Red Hat Linux Reporter: Christopher McCrory <chrismcc>
Component: mysqlAssignee: Patrick Macdonald <patrickm>
Status: CLOSED ERRATA QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: high    
Version: 8.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-03-25 16:17:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christopher McCrory 2003-03-11 17:53:01 UTC 
Description of problem:

From bugtraq
http://www.securityfocus.com/archive/1/314391/2003-03-08/2003-03-14/0


Hi. I tried this on my own MySQL 3.23.55 !!!
I found out that logging as the root user, we can change mysqld to run as root
instead that
i.e. mysql but this works only if there's just one my.cnf file and it is locate
in /etc...
Here's how I did it...
<snip>




Version-Release number of selected component (if applicable):

mysql < 3.23.56

How reproducible:
Always

Steps to Reproduce:
1.  see URL for post above
2.
3.
    
Actual results:


Expected results:


Additional info:

Fix:

http://www.securityfocus.com/archive/1/314616/2003-03-08/2003-03-14/0


Sergei Golubchik <serg>
This issue has been adressed in 3.23.56 (release build is started
today), and some steps were taken to alleviate the threat.
<snip>


listed under RH8.0
but also applies to all others
Comment 1 Patrick Macdonald 2003-03-11 18:04:53 UTC 
Assigning to myself.  We'll have to wait until MySQL.com
releases the 3.23.56 packages.  I may just upgrade to this
release when enabling thread safe clients.
Comment 2 Mark J. Cox 2003-03-19 09:33:11 UTC 
This is CAN-2003-0150
Comment 3 Patrick Macdonald 2003-03-25 16:17:32 UTC 
Held this patch back while MySQL 3.23.56 was being spun.  This fix will be
available via the errata system.