Red Hat Bugzilla – Bug 156076
mysqlhotcopy is a security risk
Last modified: 2013-07-02 23:05:29 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3
Description of problem:
Mysqlhotcopy allows any user to view valid login names and passwords for a MySQL database.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. run mysqlhotcopy on a large database
2. on another terminal run "ps -ef"
3. view an unencrypted username and password for the database
Actual Results: unencrypted username and password for the database are seen
Expected Results: The username and passwords should be read from a file that is not world readable
*** Bug 156077 has been marked as a duplicate of this bug. ***
Isn't this true only if you use the --password option, which the documentation
specifically warns you to avoid for precisely this reason?
Fedora Core 3 is not maintained anymore.
Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.
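
A defender's check for the exposure discussed in this report, as an added example that is not part of the original bug thread: it scans `ps -ef` output for MySQL tools that carry a password in their argument list and reports them with the value redacted. The sample process listing is constructed, the function name `find_exposed_passwords` is hypothetical, and only the attached forms `--password=VALUE` and `-pVALUE` are matched.

```python
import os
import re

# Constructed `ps -ef` output for illustration; users, PIDs and passwords are made up.
SAMPLE_PS = """\
UID        PID  PPID  C STIME TTY          TIME CMD
root      2101     1  0 09:00 ?        00:00:02 /usr/libexec/mysqld --basedir=/usr
backup    4312  4300  3 09:14 pts/1    00:00:07 /usr/bin/perl /usr/bin/mysqlhotcopy --user=backup --password=s3cret shop /var/backups
alice     4410  4400  0 09:15 pts/2    00:00:00 mysql -u alice -pHunter2 shop
bob       4520  4500  0 09:16 pts/3    00:00:00 mysql -u bob -p shop
carol     4633  4600  1 09:17 pts/4    00:00:01 /usr/bin/perl /usr/bin/mysqlhotcopy shop /var/backups
"""

# Attached forms only: --password=VALUE and -pVALUE. A bare -p or --password
# makes the client prompt, so no secret is present in argv in that case.
PASSWORD_ARG = re.compile(r"^(--password=|-p)(?=.)")


def find_exposed_passwords(ps_output):
    """Return (user, pid, tool, redacted_arg) for MySQL tools with a password in argv."""
    findings = []
    for line in ps_output.splitlines()[1:]:      # skip the header row
        fields = line.split(None, 7)             # CMD is the 8th column of ps -ef
        if len(fields) < 8:
            continue
        user, pid, argv = fields[0], int(fields[1]), fields[7].split()
        # Perl scripts appear as "perl /path/script ...", so check the first two words.
        tool = next((os.path.basename(a) for a in argv[:2]
                     if os.path.basename(a).startswith("mysql")), None)
        if tool is None:
            continue
        for arg in argv:
            match = PASSWORD_ARG.match(arg)
            if match:
                # Keep only the option prefix so the report does not repeat the secret.
                findings.append((user, pid, tool, match.group(1) + "<redacted>"))
    return findings


if __name__ == "__main__":
    for finding in find_exposed_passwords(SAMPLE_PS):
        print(finding)
```

To audit a live host, pass the function the captured output of `ps -ef`. Hits can be fixed by moving the credentials into an option file readable only by its owner, such as `~/.my.cnf`, where mysqlhotcopy reads the `[client]` and `[mysqlhotcopy]` groups.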