| 1 |
On Monday 13 April 2009 22:10:20 Mick wrote: |
| 2 |
> Hi All, |
| 3 |
> |
| 4 |
> I am not sure if I am alarming myself unnecessarily, but this is what I |
| 5 |
> observed: |
| 6 |
> |
| 7 |
> Login as e.g. mick; (this is a unix acccount) |
| 8 |
> mysql -u root -p |
| 9 |
> Enter password: XXXXXX |
| 10 |
> |
| 11 |
> mysql> GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, CREATE VIEW, INDEX, |
| 12 |
> INSERT, SELECT, UPDATE ON database1.* TO 'db_user1'@'localhost' IDENTIFIED |
| 13 |
> BY 'passwd1'; |
| 14 |
> Query OK, 0 rows affected (0.00 sec) |
| 15 |
> |
| 16 |
> mysql> FLUSH PRIVILEGES; |
| 17 |
> Query OK, 0 rows affected (0.00 sec) |
| 18 |
> mysql>quit |
| 19 |
> |
| 20 |
> Now if I login into database1 as db_user1 and then press the up arrow key |
| 21 |
> at the mysql> prompt I end up seeing all the previous commands that I ran |
| 22 |
> as root, including the 'passwd1'!!! |
| 23 |
> |
| 24 |
> Isn't this a rather serious security problem? How could I do it |
| 25 |
> differently? |
| 26 |
|
| 27 |
Not at all. What you are seeing when pressing the up arrow is not commands |
| 28 |
stored by MySQl, but commands stored by your shell. It's complex to explain, |
| 29 |
so bear with me: |
| 30 |
|
| 31 |
What you type into the mysql prompt is just essentially a shell command. Mysql |
| 32 |
transforms it into the correct format the the mysqld process understands and |
| 33 |
issues the command. In both cases above you were running these commands as |
| 34 |
unix user mick. In both cases, one of the attributes issued to mysqld is which |
| 35 |
*mysql* user to run the command as. The history as remembered by the mysql |
| 36 |
client is a unix history, and mick did both. |
| 37 |
|
| 38 |
Analogy: You log into bugs.gentoo.org and gmail.google.com from the same |
| 39 |
firefox from the same unix account but with different user names. Firefox |
| 40 |
however, is fully aware of what command you ran to get to both sites and has |
| 41 |
both passwords stored in it's wallet. |
| 42 |
|
| 43 |
To improve security, you should consistently use the same privileged unix |
| 44 |
account to connect to mysql for admin actions. I usually su to root to log |
| 45 |
into mysql as root. |
| 46 |
|
| 47 |
Plus, user alan on your machine cannot see user mick's mysql history, so it's |
| 48 |
not as bad as it appears. |
| 49 |
|
| 50 |
|
| 51 |
-- |
| 52 |
alan dot mckinnon at gmail dot com |
Archives