Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 156077 - mysqlhotcopy is a security risk
Summary: mysqlhotcopy is a security risk
Keywords:
Status: CLOSED DUPLICATE of bug 156076
Alias: None
Product: Fedora
Classification: Fedora
Component: mysql
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tom Lane
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-27 12:26 UTC by Nigel Horne
Modified: 2013-07-03 03:05 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-04-27 14:20:47 UTC


Attachments (Terms of Use)

Description Nigel Horne 2005-04-27 12:26:21 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3

Description of problem:
Mysqlhotcopy allows any user to view valid login names and password for a MySQL database

Version-Release number of selected component (if applicable):
mysql-3.23.58-16.FC3.1

How reproducible:
Always

Steps to Reproduce:
1. run mysqlhotcopy on a large database
2. on another terminal run "ps -ef"
3. view an unencrypted username and password for the database
  

Actual Results:  unencrypted username and password for the database are seen

Expected Results:  The username and passwords should be read from a file that is not world readable

Additional info:

Comment 1 Tom Lane 2005-04-27 14:20:47 UTC

*** This bug has been marked as a duplicate of 156076 ***


Note You need to log in before you can comment on or make changes to this bug.