bug-bash

Aw: Re: Chained command prints password in Clear Text and breaks BASH Se


From: John Kearney
Subject: Aw: Re: Chained command prints password in Clear Text and breaks BASH Session until logout
Date: Thu, 11 Jul 2013 20:04:10 +0200 (CEST)

   Sorry, made a typo in the last email. I meant try
   stty echo

   sounds like echo is turned off
   try typing
   stty echo
   when you say you don't see any output.
   And if echoing is turned off it was probably turned off by mysql.
   Sent: Thursday, 11 July 2013 at 19:53
   From: "Jason Sipula" <address@hidden>
   To: No recipient
   Cc: address@hidden
   Subject: Re: Chained command prints password in Clear Text and breaks
   BASH Session until logout
   I probably should have filed two different reports for this. Sorry for
   any confusion guys.
   The password makes sense to me why it allows clear text...
   The second issue is once the command terminates, bash session does not
   behave normally at all. Nothing typed into the terminal over SSH or
   directly on the console displays, however it does receive the keys.
   Also, if you repeatedly hit ENTER key, instead of skipping to new line,
   it just repeats the bash prompt over and over in a single line. So far
   restarting bash session (by logging out then back in) is the only way I
   have found to "fix" the session and return to normal functionality.
   On Thu, Jul 11, 2013 at 10:47 AM, John Kearney <address@hidden>
   wrote:
   >
   > This isn't a bug in bash.
   > firstly once a program is started it takes over the input so the fact
   > that your password is echoed to the terminal is because mysql allows it
   > not bash, and in mysql's defense this is the normal behaviour for command
   > line tools.
   >
   > Secondly both mysqldump and mysql start at the same time and can
   > potentially be reading the password also at the same time.
   > on some systems and for some apps it could happen that.
   >
   > password for mysqldump p1234
   > password for mysql p5678
   >
   > the way you are starting them you could potentially end up with
   >
   > mysqldump getting p5274
   > mysql getting p1638
   >
   > basically you should give the password on the command line to mysql.
   >
   > something like
   > read -sp "Password:" Password
   > mysqldump -u someuser --password="${Password}" somedb | mysql -u someuser --password="${Password}" -D someotherdb
   >
   > *Sent:* Wednesday, 10 July 2013 at 23:54
   > *From:* "Jason Sipula" <address@hidden>
   > *To:* address@hidden
   > *Subject:* Chained command prints password in Clear Text and breaks BASH
   > Session until logout
   > Configuration Information [Automatically generated, do not change]:
   > Machine: x86_64
   > OS: linux-gnu
   > Compiler: gcc
   > Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
   > -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-redhat-linux-gnu'
   > -DCONF_VENDOR='redhat' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash'
   > -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib -D_GNU_SOURCE
   > -DRECYCLES_PIDS -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
   > -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fwrapv
   > uname output: Linux appsrv01.js.local 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue
   > Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
   > Machine Type: x86_64-redhat-linux-gnu
   >
   > Bash Version: 4.1
   > Patch Level: 2
   > Release Status: release
   >
   > Description:
   >
   > Reproducible from both an SSH session as well as directly at the console.
   >
   > On BASH 4.1.x (4.1.2) running under CentOS 6.x (6.4 Final) and MySQL 5.1.x
   > (5.1.69). I believe this bug will persist on all distros running BASH 4.x.x
   >
   > After running the chained command (see below "Repeat-By" section), BASH
   > allows a password field to be seen in Clear Text, and then the BASH session
   > breaks until BASH session is restarted (logout then login).
   >
   > The purpose of the command is to dump the database "somedb" ... which would
   > normally dump to a text file for import later... but instead redirect
   > stdout to the stdin of the chained mysql command which will import all the
   > data from "somedb" into "someotherdb" on the same MySQL host. The command
   > works, but there's two problems.
   >
   > MySQL correctly challenges for password of "someuser" to perform the
   > mysqldump part, but once you type in the password and hit ENTER, it skips
   > to a new blank line without the shell prompt and just sits. It is waiting
   > for you to type in the password for "someuser" as the second part of the
   > command (but does not prompt for this and it's not intuitive, it appears
   > as-if the command is running)... If you type, it's in clear text!
   > Potentially a major security issue there.
   >
   > It gets worse...
   >
   > After you hit ENTER a second time, the command will finish, and it will
   > return a fresh line with the shell prompt. Everything looks normal... but
   > try typing. Nothing will show at all, however it is sending the keys to the
   > shell and will execute commands if you type them in and hit ENTER. Each
   > successful command will return you to a fresh shell line, but same thing
   > happens until you log out and back in (to restart BASH). Also, while this
   > is happening, you can hit the ENTER key over and over and BASH will just
   > keep repeating the shell prompt on the same line.
   >
   > Repeat-By:
   >
   > At the shell, issue the command:
   >
   > ~]# mysqldump -u someuser -p somedb | mysql -u someuser -p -D someotherdb
   >
   > Shouldn't need to run that command as root, but the mysql user must be
   > privileged enough to work with the two databases. To simplify things you
   > can replace "someuser" with root.
   >
   > Thank you,
   >
   > Jason Sipula
   > address@hidden
   >
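
Added example, not part of the original thread and not code from bash or MySQL: a POSIX sh script that addresses both symptoms reported above. It prompts once, hands the password to mysqldump and mysql through a private option file (`--defaults-extra-file`) so neither client prompts on the terminal and the password stays out of the process list, and it restores the saved `stty` state afterwards. The function names and the `REPLY_SECRET` variable are hypothetical; the user and database names are the thread's placeholders.

```sh
#!/bin/sh
# Added example (hypothetical helper names); user/db names are the thread's placeholders.

# Write a mysql option file only the owner can read and print its path.
# $1 = user, $2 = password. The value is double-quoted so a '#' is not read as
# a comment; assumes the option-file parser accepts \\ and \" inside quotes.
make_client_cnf() {
    _mc_file=$(umask 077 && mktemp) || return 1
    _mc_esc=$(printf '%s' "$2" | sed 's/[\\"]/\\&/g')
    printf '[client]\nuser=%s\npassword="%s"\n' "$1" "$_mc_esc" > "$_mc_file"
    printf '%s\n' "$_mc_file"
}

# Prompt once with echo off; the result is left in REPLY_SECRET.
read_secret() {
    printf '%s' "$1" >&2
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r REPLY_SECRET || true
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
}

# Run "$@", then put the terminal back as it was, whatever the command did to it.
with_tty_restored() {
    _wt_state=""
    if [ -t 0 ]; then _wt_state=$(stty -g); fi
    _wt_rc=0
    "$@" || _wt_rc=$?
    if [ -n "$_wt_state" ]; then stty "$_wt_state"; fi
    return "$_wt_rc"
}

# $1 = user, $2 = source db, $3 = target db. Both clients read the same option
# file, so neither prompts on the tty and the password never appears in argv.
# The status returned is that of mysql, the last command in the pipeline.
copy_db() {
    read_secret "Password for $1: "
    _cd_cnf=$(make_client_cnf "$1" "$REPLY_SECRET") || return 1
    unset REPLY_SECRET
    _cd_rc=0
    mysqldump --defaults-extra-file="$_cd_cnf" "$2" |
        mysql --defaults-extra-file="$_cd_cnf" -D "$3" || _cd_rc=$?
    rm -f "$_cd_cnf"
    return "$_cd_rc"
}

# Usage: with_tty_restored copy_db someuser somedb someotherdb
```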

