Bug 156076 - mysqlhotcopy is a security risk
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: mysql
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Tom Lane
QA Contact: David Lawrence
Keywords: Security
Duplicates: 156077
Reported: 2005-04-27 08:25 EDT by Nigel Horne
Modified: 2013-07-02 23:05 EDT
Doc Type: Bug Fix
Last Closed: 2008-02-07 22:33:52 EST
Description Nigel Horne 2005-04-27 08:25:40 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3

Description of problem:
Mysqlhotcopy allows any user to view valid login names and passwords for a MySQL database.

Version-Release number of selected component (if applicable):
mysql-3.23.58-16.FC3.1

How reproducible:
Always

Steps to Reproduce:
1. run mysqlhotcopy on a large database
2. on another terminal run "ps -ef"
3. view an unencrypted username and password for the database
  

Actual Results:  unencrypted username and password for the database are seen

Expected Results:  The username and passwords should be read from a file that is not world readable

Additional info:
Comment 1 Tom Lane 2005-04-27 10:20:53 EDT
*** Bug 156077 has been marked as a duplicate of this bug. ***
Comment 2 Tom Lane 2005-05-09 11:33:42 EDT
Isn't this true only if you use the --password option, which the documentation
specifically warns you to avoid for precisely this reason?
Comment 3 petrosyan 2008-02-07 22:33:52 EST
Fedora Core 3 is not maintained anymore.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.
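
An audit sketch for the exposure discussed in this report, added here as an example and not part of the original bug thread or of MySQL: it flags processes whose argument list carries `--password=` (redacting the value) and checks that a credentials file has no group or other permission bits. The function names and the sample process list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report). Sample data is constructed.

# Constructed `ps -eo pid=,args=` style snapshot: "PID command line".
SAMPLE_PS='  101 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql
 4312 /usr/bin/perl /usr/bin/mysqlhotcopy --user=backup --password=s3cret-constructed shopdb /var/backup
 4320 ps -ef'

# Read "PID command line" records on stdin and print "PID<TAB>command" for
# each process that carries a --password=VALUE argument. The value is
# redacted so the audit output does not become a second copy of the secret.
flag_cmdline_passwords() {
    awk '
        /(^|[ \t])--password=[^ \t]/ {
            pid = $1
            sub(/^[ \t]*[0-9]+[ \t]+/, "")
            gsub(/--password=[^ \t]+/, "--password=<redacted>")
            print pid "\t" $0
        }'
}

# Succeed (0) only if FILE is a regular file with no group/other permission
# bits; 1 if it is more widely accessible; 2 if it is missing. Symlinks are
# reported as not private because ls -ld shows the link's own mode.
cred_file_is_private() {
    [ -f "$1" ] || return 2
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case $mode in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed snapshot; on a live host pipe in: ps -eo pid=,args=
printf '%s\n' "$SAMPLE_PS" | flag_cmdline_passwords
```

Run the first function from cron or a monitoring agent to catch scripts that still pass the password as an argument, and the second before any job reads its credentials from a file.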
