Bug 88352 - rfe: mysqld should bind only to localhost by default instead of 0.0.0.0
rfe: mysqld should bind only to localhost by default instead of 0.0.0.0
Status: CLOSED UPSTREAM
Product: Red Hat Linux
Classification: Retired
Component: mysql (Show other bugs)
8.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tom Lane
David Lawrence
:
: 109424 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-04-09 06:57 EDT by Toni Willberg
Modified: 2013-07-02 22:59 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-02-03 14:10:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Toni Willberg 2003-04-09 06:57:18 EDT
Hello.

By default mysql-server installation configures mysqld to listen on all
addresses (0.0.0.0).

I suggest changing the default configuration to bind mysqld only to localhost
(127.0.0.1) by adding "bind-address=127.0.0.1" to /etc/my.cnf.

There should be no need to listen on 0.0.0.0 right after installation, as the
database is empty anyway.


Version-Release number of selected component (if applicable):
mysql-server-3.23.54a-4
Comment 1 Nathan G. Grennan 2003-05-05 12:35:09 EDT
I agree with you. I have been adding --bind-address=127.0.0.1 to
/etc/rc.d/init.d/mysqld on the safe_mysqld line. I don't trust the acl not to
allow someone to buffer overflow or exploit mysqld in some way. Even if it is
just DDoS.
Comment 2 Toni Willberg 2003-05-28 08:30:59 EDT
Still valid for mysql-server-3.23.56-2.
Comment 3 Patrick Macdonald 2003-11-10 10:14:37 EST
*** Bug 109424 has been marked as a duplicate of this bug. ***
Comment 4 Tom Lane 2004-02-03 14:10:34 EST
I'm a bit hesitant to override the upstream's opinions about how to
configure their software.  If we do this then Red Hat installations
will behave differently from everyone else's, and we'll get bug
reports about how people can't connect to their MySQL servers.

I'd suggest taking it up with MySQL AB and seeing if you can convince
them it's a good idea.

Note You need to log in before you can comment on or make changes to this bug.