Password passed on the command line is shown in process list / bash history

Bug #1028829 reported by Piotr Kilczuk
This bug affects 2 people
Affects: MySQL Data Dumper
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Originally reported as: https://answers.launchpad.net/mydumper/+question/203617
I'm just pasting as this issue stops me from using this promising project.

Hi,

I'm new to mydumper and think it's a great tool, but what worries me is that the password for the account used to create the export is shown in the process list.

I can live with the fact that I have to provide the password at the command-line, but showing the password in the processlist is a big security risk as all users on a normal Linux machine can see all processes... and thus see a username/password combination which they can use to log in at MySQL...

Is there any way to secure this in mydumper?

Michel

Domas Mituzas (domas-mituzas) wrote :

It should be able to read your ~/.my.cnf ([client] and [mydumper] groups probably, I'm not sure if I actually implemented :)

HighKing (esz-ei6h3l-n1h) wrote :

Ah, yes this works great! I created a ~/.my.cnf with only [mydumper] and a password line. Now I see no login information in the processlist.

Probably should document that. ;-)
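
The workaround confirmed above, written out as an added example (not code from the mydumper project or from anyone in this thread). The function names are hypothetical; it assumes the `[mydumper]` group with a password line described in this thread and, for the audit, a Linux `/proc`.

```shell
# Added example; function names are hypothetical, not part of mydumper.

# Write an option file holding a [mydumper] group and a password line.
# The password is read from stdin, so it never reaches argv or shell
# history. Replaces any existing file at that path.
write_mydumper_cnf() {
    cnf=$1
    IFS= read -r pw || [ -n "$pw" ] || return 1   # refuse an empty password
    (
        umask 077            # new file is created owner-only (0600)
        rm -f -- "$cnf"      # do not inherit looser permissions from an old copy
        printf '[mydumper]\npassword=%s\n' "$pw" > "$cnf"
    )
}

# Return 0 if an argument list passes a password option with a value:
# --password=<v>, --password <v>, -p<v> or -p <v>.
argv_exposes_password() {
    while [ $# -gt 0 ]; do
        case $1 in
            --password=?*|-p?*) return 0 ;;
            --password|-p) if [ $# -gt 1 ]; then return 0; fi ;;
        esac
        shift
    done
    return 1
}

# Linux only: report running mydumper/myloader processes whose argv carries
# a password. Prints the PID, never the value. Arguments that contain
# newlines are split incorrectly, which is acceptable for an audit.
audit_running() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        (
            IFS='
'; set -f                                   # split on newlines, no globbing
            set -- $(tr '\000' '\n' 2>/dev/null < "$f")  # argv is NUL-separated
            case ${1-} in
                mydumper|*/mydumper|myloader|*/myloader) ;;
                *) exit 0 ;;
            esac
            if argv_exposes_password "$@"; then
                pid=${f#/proc/}
                echo "pid ${pid%/cmdline}: password visible in process list"
            fi
        )
    done
    return 0
}
```

Feed `write_mydumper_cnf` from a prompt with terminal echo disabled or from a secrets store, and write to a dedicated file if `~/.my.cnf` already holds other groups.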

Piotr Kilczuk (p-kilczuk) wrote :

Glad that works - are you planning to implement reading the password from STDIN like in mysqldump?

Domas Mituzas (domas-mituzas) wrote : Re: [Bug 1028829] Re: Password passed on the command line is shown in process list / bash history

I'd keep stdin available for other future uses instead, I don't see an urgent
need for this feature with my.cnf in place. Do note, mysql library also may
pick certain environment variables, if passed.

Dmitry Ilyin (idv1985) wrote :

I have posted a password masking patch. Look in the original question comments.

rat (szczur-i) wrote :

fixed patch for 0.6.1 version

rat (szczur-i) wrote :

fixed patch for 0.6.1 version - for myloader.c

rat (szczur-i)
Changed in mydumper:
status: New → Confirmed
Max Bubenick (max-bubenick) wrote :

Thanks for the patch, I will test it and commit
