Comments on: More Basic MySQL Security

By: Shlomi Noach

Shlomi Noach — Wed, 03 Jun 2009 04:58:20 +0000

Following Lenz’ comment and post, I stand corrected and am very surprised.
Thanks for shedding some light!

By: Lenz Grimmer

Lenz Grimmer — Tue, 02 Jun 2009 13:52:26 +0000

Somehow backtracking to this blog entry failed – I wrote a short blog entry with more details about the password obfuscation in the process list here:
http://www.lenzg.net/archives/256-Basic-MySQL-Security-Providing-passwords-on-the-command-line.html

By: Lenz Grimmer

Lenz Grimmer — Tue, 02 Jun 2009 10:10:08 +0000

Shlomi: “ps aux” does not actually reveal the password. The mysql command line client obfuscates it – if you check the output of “ps aux | grep mysql” you will see, that the password string has been replaced with “xxxxx”.

By: Shlomi Noach

Shlomi Noach — Sat, 30 May 2009 17:28:58 +0000

Hi,

Shameless promotion: please check out oak-secutiry-audit, a utility which audits your MySQL installation against many security holes and weaknesses, covering empty passwords, duplicate passwords, permissive grants, weak configuration etc.

While Linux security is often considered good, an astonishing weakness is “ps aux”, where *every* user can see *every* process running. Therefore, even user “games” can see that user root is running “mysql -pmypassword”.
I find this a much higher risk than putting the MySQL’s root password in file, where a user need to gain access to machine’s “root”.

Still, linux security is by far higher than MySQL security (I have no proof for this, just the common understanding). If you chmod 600 /root/.my.cnf, may be move it to /root/surprise/unexpected.filename (who says it’s to be called my.cnf?), you add some more confusion (though still easily hacked by the experienced).

Obviously, for specific cronjob tasks, just create the required users with limited privileges, never with GRANT OPTION. However, I find that for many tasks, the abused SUPER privilege is required, which allows for nasty stuff like KILL etc.).

By: Andrew

Andrew — Fri, 29 May 2009 23:43:37 +0000

if you’re root, you can already own a MySQL database with fairly basic knowledge with or without a mysql ‘root’ account. Using .cnf files is much preferred to using -p and (as Morgan pointed out) having this exposed and logged in various ways.

By: Erik Ljungstrom

Erik Ljungstrom — Fri, 29 May 2009 22:56:33 +0000

While I agree with Morgan in principle, setting a password will stop your average “curious teenage hacker” from causing trouble because he was given the opportunity, but would of course not stop someone even reasonably novice, yet determined to sabotage or steal data.

But yes, ~/.bash_history and ~/.mysql_history is indeed another thing to bear in mind for the security conscious person!

By: Morgan Tocker

Morgan Tocker — Fri, 29 May 2009 20:41:25 +0000

So you say that you shouldn’t keep the root password in a file that only root can read, but you don’t mention that the *same user* has the permissions to just restart the server with a –init-file to change the password, skip grants, or create a new user with just as powerful permissions?

In your example the password also ends up in the bash history file :p

I’ve never liked having to enter passwords to a service I should already have permissions to. It encourages people to use things that they can remember easily, which generally means that the passwords are weak, or repeated elsewhere.

By: Jaka Jančar

Jaka Jančar — Fri, 29 May 2009 19:57:03 +0000

If someone has access to the unix root account, then they can change the root mysql password anyways.

What’s more insecure is passing password as an argument to MySQL, like you’ve written (-p[password]), since that can really be seen by anyone.