Bugtraq mailing list archives

Re: mysql: MySQL Security


From: ben () ALGROUP CO UK (Ben Laurie)
Date: Tue, 31 Mar 1998 20:05:19 +0100


Michael Widenius wrote:

"Sandu" == Sandu Mihai <mike () com pcnet ro> writes:

Sandu> When you use a certain mysql configuration it is possible to create
Sandu> files on the system as root with rw-rw-rw.
<snip>
The file is always created with 0666, by the following code:

sql_class.cc:167:  if ((file=my_create(path, 0666, O_WRONLY, MYF(MY_WME))) < 0)

Normally one should never run mysqld as root and one should always
set a password for the MySQL root user.

Of course:

a) mysqld runs as root by default

b) if you've set the port <1024, so it gets filtered naturally by your
firewall, you have to run as root. The following patch fixes this
problem (on FreeBSD at least), if you add "MYSQL_USER=someuser; export
MYSQL_USER" to safe_mysqld.

Only lightly tested...

--- mysqld.cc.orig      Tue Mar 31 19:27:53 1998
+++ mysqld.cc   Tue Mar 31 19:35:59 1998
@@ -57,6 +57,8 @@
 #define SET_RLIMIT_NOFILE
 #endif

+#include <pwd.h>
+
 #define MAX_RETRY 10                   // Test accept this many times
 #define CONNECT_TIMEOUT 3              // Don't wait long for connect

@@ -291,6 +293,33 @@
   }
 }

+static void set_user()
+{
+  struct passwd *ent;
+  char *user;
+
+// don't bother if we aren't superuser
+  if(geteuid())
+    return;
+
+  if(!(user = getenv("MYSQL_USER")))
+    return;
+
+  if(!(ent = getpwnam(user)))
+  {
+    perror("getpwnam");
+    application_end();
+    unireg_abort(1);
+  }
+
+  if(setuid(ent->pw_uid) == -1)
+  {
+    perror("setuid");
+    application_end();
+    unireg_abort(1);
+  }
+}
+

 static void server_init(void)
 {
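Review bot: set_user() changes only the uid. The setuid(ent->pw_uid) call is not preceded by any group change, so after the drop the server still holds root's primary gid and supplementary groups. Before the setuid, call initgroups(user, ent->pw_gid) and setgid(ent->pw_gid), and abort on failure the same way the setuid branch does. Two smaller points: getpwnam() can return NULL without setting errno when the name simply does not exist, so perror("getpwnam") may print an unrelated message, and an error that names the user would be clearer. Also, when MYSQL_USER is unset the function returns silently with the process still root, which deserves at least a logged warning.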
@@ -336,6 +365,9 @@
       application_end();
       unireg_abort(1);
     }
+
+    set_user();
+
     VOID(listen(ip_sock,(int) back_log));
   }

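Review bot: the set_user() call sits inside the nested block that ends with listen(ip_sock, ...), so the privilege drop happens only on the path that sets up ip_sock. If that block is conditional, mysqld keeps running as root even with MYSQL_USER set. Moving the call to just after the closing brace, once every socket that needs a privileged port has been bound, would cover both cases. A comment at the call site should also state the ordering requirement (bind first, then drop) and note that anything server_init() opened or created earlier was done as root and may not be accessible to the new user.
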
Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben () algroup co uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache


