From: Dmitry V. Levin
Date: March 13 2003 10:55pm
Subject: Re: [packagers] Re: MySQL user can be changed to root (fwd)
List-Archive: http://lists.mysql.com/packagers/92
Message-Id: <20030313225535.GA27364@basalt.office.altlinux.org>

On Thu, Mar 13, 2003 at 08:34:37PM +0100, Sergei Golubchik wrote:
> This particular race condition allows only one thing.

And it doesn't prevent another possible mysql->root attacks using config file.

[...]
> > Using fstat together with st_uid check closes these issues, too.
>
> As I said, we cannot add st_uid check in 3.23 or 4.0.

At least, you could print a warning, that config file has insecure
ownership and/or permissions, so it's not portable (may be explicitly
disabled by vendor), deprecated and should be avoided.

Once more: without st_uid and S_IWGRP checks you cannot prevent another
possible mysql->root attacks.

> > After all, let's try to avoid potentially raceable constructions.
>
> This particular construction is not exploitable.

It is not exploitable using SELECT INTO OUTFILE method, but it won't help
from attacker with mysql rights.

In ALT GNU/*/Linux, we package MySQL chrooted to /var/lib/mysql by default,
with /var/lib/mysql owned by root, sticky bit set, etc.
All these efforts are void if mysql user is allowed to tamper with config
file.

> Let's try to apply rules wherever they matter, and not where
> pattern-matching tool identifies a "potential vulnerability".

I'm sure that open/fstat check is not overkill in this particular case.
It adds no complexity as compared with stat/open check, and easier to
support: some day one will have to deal with that piece of code again...