SST auth password should not be exposed to 'ps'

Bug #1200727 reported by Jay Janssen
Affects | Status | Importance | Assigned to | Milestone
MySQL patches by Codership | New | Undecided | Unassigned |
Percona XtraDB Cluster (moved to https://jira.percona.com/projects/PXC) | Fix Released | Undecided | Raghavendra D Prabhu |

Bug Description

example:

10960 pts/1 S+ 0:00 | \_ /bin/sh /etc/init.d/mysql start
10969 pts/1 S+ 0:00 | \_ /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/lib/mysql/node1.pid
11230 pts/1 Sl+ 0:00 | | \_ /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/lib/mysql/error.log --pid-file=/var/lib/mysql/node1.pid --wsrep_start_position=000000
11245 pts/1 S+ 0:00 | | \_ /bin/bash -ue /usr//bin/wsrep_sst_xtrabackup --role joiner --address 192.168.70.2 --auth sst:secret --datadir /var/lib/mysql/ --defaults-file /etc/my.cnf --parent 11230
11301 pts/1 S+ 0:00 | | \_ perl /usr//bin/innobackupex --defaults-file=/etc/my.cnf --apply-log /var/lib/mysql/
11322 pts/1 Sl+ 0:00 | | \_ xtrabackup_55 --defaults-file=/etc/my.cnf --defaults-group=mysqld --prepare --target-dir=/var/lib/mysql --tmpdir=/tmp

Can the 'secret' be masked there?

Jay Janssen (jay-janssen) wrote :

Also in the error log:

130712 12:24:22 [Note] WSREP: Running: 'wsrep_sst_xtrabackup --role 'donor' --address '192.168.70.3:4444/xtrabackup_sst' --auth 'sst:secret' --socket '/var/lib/mysql/mysql.sock' --datadir '/var/lib/mysql/' --defaults-file '/etc/my.cnf' --gtid '84da6d43-eb0e-11e2-b856-f2edc1eccf76:0''

Raghavendra D Prabhu (raghavendra-prabhu) wrote :

Doing it in the error log should be trivial; however, doing it for wsrep_sst_xtrabackup requires doing it with setproctitle(3) from libbsd.

Changed in percona-xtradb-cluster:
milestone: none → 5.5.32-23.7.6
status: New → Triaged
assignee: nobody → Raghavendra D Prabhu (raghavendra-prabhu)
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

a) The joiner doesn't need the sst auth in the first place (since auth happens on the donor).

b) The donor doesn't need to pass wsrep_sst_xtrabackup the user:password either. The wsrep_sst_common can directly parse the my.cnf file.

c) There already seems to be some masking present with sst_auth_real / wsrep_sst_auth but that doesn't seem to be working.

#b is the easiest fix for this, but also requires fixing in wsrep_sst.cc to not pass user:pass

Raghavendra D Prabhu (raghavendra-prabhu) wrote :

Since the wsrep_sst_auth option may be provided during testing/RQG, I will keep the option. Instead, another option: wsrep_sst_auth can be added under [sst] (but not under [mysqld]), where it can be read by wsrep_sst_common without showing up in ps.

Raghavendra D Prabhu (raghavendra-prabhu) wrote :

I have fixed this in PXC; however, note that innobackupex still shows user/pass in ps output.

To prevent this, you need to pass it user/pass (like always) under [client] in my.cnf (and only there); innobackupex can read it from there.

Refer to https://bazaar.launchpad.net/~percona-core/percona-xtradb-cluster/5.5/revision/401 for more details.
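
The approach described in this thread, keeping wsrep_sst_auth under [sst] in my.cnf and having the SST script read it from the file instead of receiving it as --auth on the command line, shown as an added example in POSIX shell. It is not the PXC patch or code from wsrep_sst_common; the names cnf_get, cnf_is_private, load_sst_auth, SST_USER and SST_PASS are hypothetical, and the file-permission check is an added assumption (a secret moved into a file is only hidden if the file is not group- or world-readable).

```shell
#!/bin/sh
# Added example, not PXC code. All function and variable names are hypothetical.

# cnf_get FILE SECTION KEY: print the last value of KEY found inside [SECTION].
cnf_get() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                             # section header
            s = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", s)
            in_sect = (s == sect); next
        }
        in_sect {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/-/, "_", k)                     # MySQL accepts - or _ in option names
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# cnf_is_private FILE: succeed only if group and other have no permissions.
cnf_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# load_sst_auth FILE: set SST_USER / SST_PASS from [sst] wsrep_sst_auth=user:pass.
# Only the file path is passed to awk and ls, so the secret never enters an argv.
load_sst_auth() {
    cnf_is_private "$1" || { echo "refusing $1: group/world accessible" >&2; return 1; }
    auth=$(cnf_get "$1" sst wsrep_sst_auth)
    case "$auth" in
        ?*:*) ;;                                  # need non-empty user, then ":"
        *) echo "no usable wsrep_sst_auth under [sst] in $1" >&2; return 1 ;;
    esac
    SST_USER=${auth%%:*}                          # text before the first ":"
    SST_PASS=${auth#*:}                           # everything after it
}
```

A script that sources these functions would call `load_sst_auth /etc/my.cnf` and use the two variables internally; handing them to a child process as command-line arguments would reintroduce the exposure in ps.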

Changed in percona-xtradb-cluster:
status: Triaged → Fix Committed
Changed in percona-xtradb-cluster:
status: Fix Committed → Fix Released
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXC-1396
