opuppet/module-mysql
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

mysql root password is leaked to the process list

Browse source 
Every time the root password reset is used we're leaking the password to
the process list. If we use the already present /root/.my.cnf for
credentials then it has the same effect for verification and we avoid
leaking the password.
This commit is contained in:
Gabriel Filion 2015-05-13 16:02:36 -04:00
parent 85514f6feb
commit 1522deafda
4 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
files/scripts/CentOS/setmysqlpass.sh
View file

@ -24,7 +24,7 @@ must_have chown
rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 /usr/bin/mysqladmin --defaults-file=/root/.my.cnf status > /dev/null && echo "Nothing to do as the password already works" && exit 0
/usr/bin/systemctl stop mariadb /usr/bin/systemctl stop mariadb

2
files/scripts/CentOS/setmysqlpass.sh.5
View file

@ -4,7 +4,7 @@ test -f /root/.my.cnf || exit 1
rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 /usr/bin/mysqladmin --defaults-file=/root/.my.cnf status > /dev/null && echo "Nothing to do as the password already works" && exit 0
/sbin/service mysqld stop /sbin/service mysqld stop

2
files/scripts/CentOS/setmysqlpass.sh.6
View file

@ -4,7 +4,7 @@ test -f /root/.my.cnf || exit 1
rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 /usr/bin/mysqladmin --defaults-file=/root/.my.cnf status > /dev/null && echo "Nothing to do as the password already works" && exit 0
/sbin/service mysqld stop /sbin/service mysqld stop

2
files/scripts/Debian/setmysqlpass.sh
View file

@ -25,7 +25,7 @@ must_have chown
rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/') rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0 /usr/bin/mysqladmin --defaults-file=/root/.my.cnf status > /dev/null && echo "Nothing to do as the password already works" && exit 0
/etc/init.d/mysql stop /etc/init.d/mysql stop