mydumper shows password in processlist

Asked by HighKing on 2012-07-19

Hi,

I'm new to mydumper and think it's a great tool, but what worries me is that the password for the account used to create the export is shown in the process list.

I can live with the fact that I have to provide the password at the command-line, but showing the password in the processlist is a big security risk as all users on a normal Linux machine can see all processes... and thus see a username/password combination which they can use to log in at MySQL...

Is there any way to secure this in mydumper?

Michel

Question information

Language: English
Status: Answered
For: MySQL Data Dumper
Assignee: No assignee
Last query: 2012-07-19
Last reply: 2012-10-27

Dmitry Ilyin (idv1985) said : #1

Yes, it's a serious problem and there are two solutions:

1. Use ~/.my.cfg with your login and password to authenticate. It will both not save the password in bash history and hide the password in the ps list, but you'll have to keep the plaintext password in your homedir.

2. Try this patch

commit 056fa3edc2a3880d35986d6f123430fde5fe292a
Author: Dmitry Ilyin <email address hidden>
Date: Sat Oct 27 02:10:40 2012 +0400

    Add cmdline mask for mydumper

diff --git a/mydumper.c b/mydumper.c
index 9c37d39..39edff1 100644
--- a/mydumper.c
+++ b/mydumper.c
@@ -367,6 +367,15 @@ int main(int argc, char *argv[])

        init_mutex = g_mutex_new();

+ //calculate cmdlen
+ int cmdlen = 0;
+ int argn = 0;
+
+ for (argn = 0; argn < argc; ++argn) {
+ cmdlen += (int) strlen(argv[argn]);
+ }
+ cmdlen = cmdlen + argc - 1;
+
        context = g_option_context_new("multi-threaded MySQL dumping");
        GOptionGroup *main_group= g_option_group_new("main", "Main Options", "Main Options", NULL, NULL);
        g_option_group_add_entries(main_group, entries);
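Review bot: the loop at `cmdlen += (int) strlen(argv[argn]);` assumes every argv string sits directly after the previous one in memory, and nothing here checks that; if the layout differs, the later memset over cmdlen bytes from argv[0] touches memory that is not argument text. Suggest testing argv[argn] == argv[argn-1] + strlen(argv[argn-1]) + 1 inside the loop and skipping the mask when it fails, and declaring cmdlen as size_t instead of casting strlen() to int.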
@@ -377,6 +386,11 @@ int main(int argc, char *argv[])
                exit (EXIT_FAILURE);
        }
        g_option_context_free(context);
+
+ //erase cmdline
+ memset(argv[0],'\0',cmdlen);
+ //set new cmdline
+ sprintf(argv[0],"mydumper: dumping database '%s'",db);

        if (program_version) {
                g_print("mydumper %s, built against MySQL %s\n", VERSION, MYSQL_SERVER_VERSION);
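Review bot: `sprintf(argv[0],"mydumper: dumping database '%s'",db);` has no length limit, while the area measured and cleared is only cmdlen bytes; the fixed text alone is 29 characters, so a short invocation or a long database name writes past the counted argument bytes. Use snprintf(argv[0], cmdlen + 1, ...) so the title is truncated to the space that was measured. The call also sits above the `if (program_version)` check and nothing in the visible lines ensures db is non-NULL before it is passed to %s; guard it or move the mask below the early exits.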

-------
and this for myloader
-------

commit f8f9850045a317b927903482317ee32ecce47eea
Author: Dmitry Ilyin <email address hidden>
Date: Sat Oct 27 02:24:33 2012 +0400

    Add cmdline mask for myloader

diff --git a/myloader.c b/myloader.c
index 7697e97..a38b4fd 100644
--- a/myloader.c
+++ b/myloader.c
@@ -93,6 +93,15 @@ int main(int argc, char *argv[]) {

        init_mutex= g_mutex_new();

+ //calculate cmdlen
+ int cmdlen = 0;
+ int argn = 0;
+
+ for (argn = 0; argn < argc; ++argn) {
+ cmdlen += (int) strlen(argv[argn]);
+ }
+ cmdlen = cmdlen + argc - 1;
+
        context= g_option_context_new("multi-threaded MySQL loader");
        GOptionGroup *main_group= g_option_group_new("main", "Main Options", "Main Options", NULL, NULL);
        g_option_group_add_entries(main_group, entries);
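Review bot: this length calculation is a line-for-line copy of the one added to mydumper.c, so any correction to it has to be made in two places. Move it, together with the erase step, into one helper shared by both programs, and keep cmdlen as size_t rather than int so the `(int) strlen(...)` cast goes away.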
@@ -104,6 +113,11 @@ int main(int argc, char *argv[]) {
        }
        g_option_context_free(context);

+ //erase cmdline
+ memset(argv[0],'\0',cmdlen);
+ //set new cmdline
+ sprintf(argv[0],"myloader: loading from directory '%s'",directory);
+
        if (program_version) {
                g_print("myloader %s, built against MySQL %s\n", VERSION, MYSQL_SERVER_VERSION);
                exit(EXIT_SUCCESS);
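Review bot: the sprintf into argv[0] is unbounded, and the literal part of "myloader: loading from directory '%s'" is already 35 characters, so any command line shorter than that is overrun beyond the cmdlen bytes the memset cleared. Bound it with snprintf(argv[0], cmdlen + 1, ...). It also runs above the `if (program_version)` branch, so directory is formatted with %s on a run that only prints the version, where no directory need have been given; check that it is non-NULL first.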

----
They hide the password and other arguments from the ps list.
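A bounded version of the masking idea in the answer above, as an added example (not the answer author's code and not mydumper's): the hypothetical helper `mask_cmdline()` checks that the argv strings are contiguous, wipes them, and truncates the replacement title to the space that was there. The argument block in `main()` is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not part of mydumper): overwrite the argv area with
 * `title`. Returns the number of title bytes kept, or -1 if the argv strings
 * are not laid out back to back, in which case nothing is modified. */
static int mask_cmdline(int argc, char *argv[], const char *title)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return -1;

    /* Accept only strings that directly follow one another; `end` always
     * points at the terminating NUL of the last accepted argument. */
    char *end = argv[0] + strlen(argv[0]);
    for (int i = 1; i < argc; i++) {
        if (argv[i] != end + 1)
            return -1;
        end = argv[i] + strlen(argv[i]);
    }

    size_t area = (size_t)(end - argv[0]) + 1;  /* includes the final NUL */
    memset(argv[0], '\0', area);                /* wipes the password too */

    /* snprintf writes at most `area` bytes, NUL included, so a long title
     * is truncated instead of running past the arguments. */
    int n = snprintf(argv[0], area, "%s", title ? title : "");
    if (n < 0)
        return -1;
    return (size_t)n < area ? n : (int)(area - 1);
}

int main(void)
{
    /* Constructed sample: arguments laid out as NUL-separated strings. */
    char block[] = "mydumper\0-u\0root\0-ps3cret";
    char *args[] = { block, block + 9, block + 12, block + 17 };
    int n = mask_cmdline(4, args, "mydumper: dumping database 'test'");
    printf("%d bytes kept: %s\n", n, block);
    return 0;
}
```

In a real program, save argc and a copy of the argv pointer array before option parsing, since g_option_context_parse() removes the options it handles from argv, and call the helper with that saved copy once parsing is done.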

p4guru (p4guru) said : #2

Did any fix make it into 0.5.2?
