mysql: mysqld creates world readable logs..

From: Michael Widenius (montyat_private)
Date: Sun Dec 27 1998 - 10:10:33 PST

Next message: Robert Watson: "Re: Why you should avoid world-writable directories"

Previous message: Fernando Ultremare: "Re: bnc exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> "Mike" == Mike Uttech <mike-uttechat_private> writes:

Mike> On three systems that we have looked at, mysqld creates a world readable
Mike> log file that contains the passwords for the users if they were INSERT'd
Mike> into the user database.  If you chmod the log files to 600, it will keep
Mike> them at 600 even if you restart mysqld.  If you remove the logfile, then
Mike> restart mysqld it will recreate the logfile with 644.

Mike> [zipoff data]# cat *.log | grep PASSWORD
Mike> 981225 22:50:58    371 Query     INSERT INTO user (host,user,password)
Mike> VALUES('localhost','zipoff',PASSWORD('th1si5acrypt1cpa55w0rd'))

Hi!

This is a known misfeature in MySQL 3.21;  This if fixed in MySQL 3.22

Regards,
Monty

Next message: Robert Watson: "Re: Why you should avoid world-writable directories"
Previous message: Fernando Ultremare: "Re: bnc exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:26:29 PDT