1 |
On Monday 13 April 2009 22:10:20 Mick wrote: |
2 |
> Hi All, |
3 |
> |
4 |
> I am not sure if I am alarming myself unnecessarily, but this is what I |
5 |
> observed: |
6 |
> |
7 |
> Login as e.g. mick; (this is a unix acccount) |
8 |
> mysql -u root -p |
9 |
> Enter password: XXXXXX |
10 |
> |
11 |
> mysql> GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, CREATE VIEW, INDEX, |
12 |
> INSERT, SELECT, UPDATE ON database1.* TO 'db_user1'@'localhost' IDENTIFIED |
13 |
> BY 'passwd1'; |
14 |
> Query OK, 0 rows affected (0.00 sec) |
15 |
> |
16 |
> mysql> FLUSH PRIVILEGES; |
17 |
> Query OK, 0 rows affected (0.00 sec) |
18 |
> mysql>quit |
19 |
> |
20 |
> Now if I login into database1 as db_user1 and then press the up arrow key |
21 |
> at the mysql> prompt I end up seeing all the previous commands that I ran |
22 |
> as root, including the 'passwd1'!!! |
23 |
> |
24 |
> Isn't this a rather serious security problem? How could I do it |
25 |
> differently? |
26 |
|
27 |
Not at all. What you are seeing when pressing the up arrow is not commands |
28 |
stored by MySQl, but commands stored by your shell. It's complex to explain, |
29 |
so bear with me: |
30 |
|
31 |
What you type into the mysql prompt is just essentially a shell command. Mysql |
32 |
transforms it into the correct format the the mysqld process understands and |
33 |
issues the command. In both cases above you were running these commands as |
34 |
unix user mick. In both cases, one of the attributes issued to mysqld is which |
35 |
*mysql* user to run the command as. The history as remembered by the mysql |
36 |
client is a unix history, and mick did both. |
37 |
|
38 |
Analogy: You log into bugs.gentoo.org and gmail.google.com from the same |
39 |
firefox from the same unix account but with different user names. Firefox |
40 |
however, is fully aware of what command you ran to get to both sites and has |
41 |
both passwords stored in it's wallet. |
42 |
|
43 |
To improve security, you should consistently use the same privileged unix |
44 |
account to connect to mysql for admin actions. I usually su to root to log |
45 |
into mysql as root. |
46 |
|
47 |
Plus, user alan on your machine cannot see user mick's mysql history, so it's |
48 |
not as bad as it appears. |
49 |
|
50 |
|
51 |
-- |
52 |
alan dot mckinnon at gmail dot com |