mirror of
https://github.com/MariaDB/server.git
synced 2026-04-21 15:55:53 +02:00
Bug #18163964 PASSWORD IS VISIBLE WHILE CHANGING IT FROM
MYSQLADMIN IN PROCESSES LIST Description: Checking the process status (with ps -ef) while executing "mysqladmin" with old password and new password via command-line will show the new password in the process list sporadically. Analysis: The old password is being masked by "mysqladmin". So masking the new password in the similar manner would reduce hitting the bug. But this would not completely fix the bug, because if "ps -ef " command hits the mysqladmin before it masks the passwords it will show both the old and new passwords in the process list. But the chances of hitting this is very less. Fix: The new password also masked in the similar manner that of the --password argument.
This commit is contained in:
Arun Kuruvila
parent
cb0afbd126
commit
83836886a1
1 changed files with 56 additions and 4 deletions
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -71,6 +71,7 @@ extern "C" my_bool get_one_option(int optid, const struct my_option *opt,
|
|||
char *argument);
|
||||
static my_bool sql_connect(MYSQL *mysql, uint wait);
|
||||
static int execute_commands(MYSQL *mysql,int argc, char **argv);
|
||||
static char **mask_password(int argc, char ***argv);
|
||||
static int drop_db(MYSQL *mysql,const char *db);
|
||||
extern "C" sig_handler endprog(int signal_number);
|
||||
static void nice_time(ulong sec,char *buff);
|
||||
|
|
@ -304,9 +305,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
|
|||
|
||||
int main(int argc,char *argv[])
|
||||
{
|
||||
int error= 0, ho_error;
|
||||
int error= 0, ho_error, temp_argc;
|
||||
MYSQL mysql;
|
||||
char **commands, **save_argv;
|
||||
char **commands, **save_argv, **temp_argv;
|
||||
|
||||
MY_INIT(argv[0]);
|
||||
mysql_init(&mysql);
|
||||
|
|
@ -318,6 +319,9 @@ int main(int argc,char *argv[])
|
|||
free_defaults(save_argv);
|
||||
exit(ho_error);
|
||||
}
|
||||
temp_argv= mask_password(argc, &argv);
|
||||
temp_argc= argc;
|
||||
|
||||
if (debug_info_flag)
|
||||
my_end_arg= MY_CHECK_ERROR | MY_GIVE_INFO;
|
||||
if (debug_check_flag)
|
||||
|
|
@ -328,7 +332,7 @@ int main(int argc,char *argv[])
|
|||
usage();
|
||||
exit(1);
|
||||
}
|
||||
commands = argv;
|
||||
commands = temp_argv;
|
||||
if (tty_password)
|
||||
opt_password = get_tty_password(NullS);
|
||||
|
||||
|
|
@ -476,6 +480,13 @@ int main(int argc,char *argv[])
|
|||
my_free(shared_memory_base_name);
|
||||
#endif
|
||||
free_defaults(save_argv);
|
||||
temp_argc--;
|
||||
while(temp_argc >= 0)
|
||||
{
|
||||
my_free(temp_argv[temp_argc]);
|
||||
temp_argc--;
|
||||
}
|
||||
my_free(temp_argv);
|
||||
my_end(my_end_arg);
|
||||
exit(error ? 1 : 0);
|
||||
return 0;
|
||||
|
|
@ -1089,6 +1100,47 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
@brief Masking the password if it is passed as command line argument.
|
||||
|
||||
@details It works in Linux and changes cmdline in ps and /proc/pid/cmdline,
|
||||
but it won't work for history file of shell.
|
||||
The command line arguments are copied to another array and the
|
||||
password in the argv is masked. This function is called just after
|
||||
"handle_options" because in "handle_options", the agrv pointers
|
||||
are altered which makes freeing of dynamically allocated memory
|
||||
difficult. The password masking is done before all other operations
|
||||
in order to minimise the time frame of password visibility via cmdline.
|
||||
|
||||
@param argc command line options (count)
|
||||
@param argv command line options (values)
|
||||
|
||||
@return temp_argv copy of argv
|
||||
*/
|
||||
|
||||
static char **mask_password(int argc, char ***argv)
|
||||
{
|
||||
char **temp_argv;
|
||||
temp_argv= (char **)(my_malloc(sizeof(char *) * argc, MYF(MY_WME)));
|
||||
argc--;
|
||||
while (argc > 0)
|
||||
{
|
||||
temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
|
||||
if (find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_PASSWORD ||
|
||||
find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_OLD_PASSWORD)
|
||||
{
|
||||
char *start= (*argv)[argc];
|
||||
while (*start)
|
||||
*start++= 'x';
|
||||
start= (*argv)[argc];
|
||||
if (*start)
|
||||
start[1]= 0; /* Cut length of argument */
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
|
||||
return(temp_argv);
|
||||
}
|
||||
|
||||
static void print_version(void)
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue