Chained command prints password in Clear Text and breaks BASH Session until logout

[Jason Sipula]

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-redhat-linux-gnu'
-DCONF_VENDOR='redhat' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash'
-DSHELL -DHAVE_CONFIG_H   -I.  -I. -I./include -I./lib  -D_GNU_SOURCE
-DRECYCLES_PIDS  -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fwrapv
uname output: Linux appsrv01.js.local 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue
Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-redhat-linux-gnu

Bash Version: 4.1
Patch Level: 2
Release Status: release

Description:

Reproducible from both an SSH session as well as directly at the console.

On BASH 4.1.x (4.1.2) running under CentOS 6.x (6.4 Final) and MySQL 5.1.x
(5.1.69). I believe this bug will persist on all distros running BASH 4.x.x

After running the chained command (see below "Repeat-By" section), BASH
allows a password field to be seen in Clear Text, and then the BASH session
breaks until BASH session is restarted (logout then login).

The purpose of the command is to dump the database "somedb" ... which would
normally dump to a text file for import later... but instead redirect
stdout to the stdin of the chained mysql command which will import all the
data from "somedb" into "someotherdb" on the same MySQL host. The command
works, but there's two problems.

MySQL correctly challenges for password of "someuser" to perform the
mysqldump part, but once you type in the password and hit ENTER, it skips
to a new blank line without the shell prompt and just sits. It is waiting
for you to type in the password for "someuser" as the second part of the
command (but does not prompt for this and it's not intuitive, it appears
as-if the command is running)... If you type, it's in clear text!
Potentially a major security issue there.

It gets worse...

After you hit ENTER a second time, the command will finish, and it will
return a fresh line with the shell prompt. Everything looks normal... but
try typing. Nothing will show at all, however it is sending the keys to the
shell and will execute commands if you type them in and hit ENTER. Each
successful command will return you to a fresh shell line, but same thing
happens until you log out and back in (to restart BASH). Also, while this
is happening, you can hit the ENTER key over and over and BASH will just
keep repeating the shell prompt on the same line.

Repeat-By:

At the shell, issue the command:

~]# mysqldump -u someuser -p somedb | mysql -u someuser -p -D someotherdb

Shouldn't need to run that command as root, but the mysql user must be
privileged enough to work with the two databases. To simplify things you
can replace "someuser" with root.

Thank you,

Jason Sipula
alupis1@gmail.com