Prevent root password from being accessible by normal users on first run #53
Conversation
| fi | ||
|
|
||
| chown -R mysql:mysql "$DATADIR" |
There was a problem hiding this comment.
Permissions are now only set during initialization. Would this be a problem when using an already initialized data-dir (e.g. bind-mounted)?
There was a problem hiding this comment.
Yes, it almost certainly will. The line should have been copied instead of moved. Thanks :)
|
If I understand this correctly, the issue is that the file I tried changing the permissions on the file to One thing I don't like about the entrypoint changes is the fact that On a side note, it looks like the branch you're using has other changes in it that are unrelated to the password fix (e.g. the removal of Perl for the 5.7 Dockerfile). Those changes should probably go in a separate PR. |
|
P.S. It's really cool to see this PR coming from the |
|
Is the desired procedure to only have a single commit, or just no unrelated features? The perl dependency change could be removed, but the others are bug fixes. With regards to the server run in init, I agree it's fairly ugly, but don't really know a more graceful way to do it. We do have suggestions on features that would help, such as single user mode, but the server doesn't currently support it. |
|
I mainly suggested breaking out the Perl change because it looks like something that can be merged without much discussion, whereas I think sorting out this If you think any of the other fixes are unambiguous bugs that can be easily merged after a short discussion, I'd probably break those into their own PRs too (or possibly combine them with the Perl change). |
|
The bugfixes are related to the security issue, so they need to be included. We'll separate the Perl change, though. |
| local section=$1 | ||
| local option=$2 | ||
| local default=$3 | ||
| ret=$(/usr/local/mysql/bin/my_print_defaults $section | grep '^--'${option}'=' | cut -d= -f2-) |
There was a problem hiding this comment.
Why not just rely on the PATH for finding the right my_print_defaults binary?
There was a problem hiding this comment.
Yes, that should work better.
|
+1 to being able to solve things like #24 in a clean way -- this was the solution we were considering for that, but were having trouble bringing ourselves to actually start up and background |
|
The whitespace in this PR seems to be all over the place -- some places it's a tab (like it was originally in these files), but some places it's a 4-space indent or stranger incantations. 😄 |
|
Whitespace issue is my bad. Managed to set up my editor and git so I missed the issue :) |
|
|
||
| SOCKET=$(get_option mysqld socket "/tmp/mysql.sock") | ||
| HOSTNAME=$(hostname) | ||
| PIDFILE=$(get_option mysqld pid-file "$DATADIR/$HOSTNAME.pid") |
There was a problem hiding this comment.
What I meant with my comment on this line before is why are we bothering with HOSTNAME here at all? The "hostname" in our container is likely to be something random like 9d3cb2141e44, so why not just go with something like mysql.pid and make sure it's deleted appropriately before we start up mysqld?
There was a problem hiding this comment.
Yeah, it's probably a better idea to specify the pid-file instead of doing it like this.
|
The 5.7.6+ issue wasn't given very high priority before we started the work with Docker, but it's a bigger problem here because of the way we use the --verbose --help command to fetch options. We're looking into ways to handle it, but at least it's not an issue on Debian right now :) |
|
Good enough for me -- let's get this in; sorry for the delay! LGTM |
|
Can you rebase so that the pretty new tests can run (#73)? Just a |
|
Will do |
- File with root password in plaintext was readable from database the first time server was run
* Removed hardcoded path from my_print_defaults command * Moved command for setting datadir ownership to before server is started
* Removed unnecessary folder check * Specify pid-file for 5.5 instead of using hostname * Change server shutdown check to be more reliable (socket is closed before all resources are released, which could lead to issues)
|
A couple of things to note:
|
|
LGTM (YOU TEASE -- looking forward to something better than our start-stop hackery 👍) |
|
Also, green tests are 💚. |
Prevent root password from being accessible by normal users on first run
The first time the server was started, the file containing the root password in plaintext would be readable by any user on the database (and the filename listed in the variable list).
We changed the first run to do the initialization separately, then restart the server.