bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Chained command prints password in Clear Text and breaks BASH Sessio


From: Jason Sipula
Subject: Re: Chained command prints password in Clear Text and breaks BASH Session until logout
Date: Thu, 11 Jul 2013 11:11:24 -0700

You learn something new every day!

After your explanations, this situation makes perfect sense to me now. I
was attempting to quickly clone a database to basically rename it since
mysql removed the rename command a while ago (it was dangerous apparently).

It's pretty awesome that you guys took the time to explain this to me
instead of just blowing me off. Thank you very much.

-Jason


On Thu, Jul 11, 2013 at 11:04 AM, Greg Wooledge <address@hidden> wrote:

> On Thu, Jul 11, 2013 at 10:47:12AM -0700, Jason Sipula wrote:
> > I still think this is a bash issue. After the command terminates, you
> must
> > restart your bash session to return to normal functionality. Nothing
> typed
> > into the terminal displays but it does receive it.
>
> If the terminal has been messed up (which happens frequently when programs
> exit abnormally), then you'll need to run "reset" or some other command
> to reset the terminal.
>
> > Perhaps I'm
> > misunderstanding what bash's job is... I was under the impression the
> shell
> > was responsible for displaying text in the terminal.
>
> That's incorrect.  The terminal itself is responsible for displaying text
> in the terminal.  Bash simply reads commands from a file descriptor and
> runs them.  When the commands are running, they interact directly with
> the terminal, while bash goes to sleep.
>
>
> On Thu, Jul 11, 2013 at 07:47:47PM +0200, John Kearney wrote:
> >
> >    This isn't a but in bash.
> >    firstly once a program is started it takes over the input so the fact
> >    that your password is echoed to the terminal is because myspl allows
> it
> >    not bash, and in mysql defense this is the normal behaviour for
> command
> >    line tools.
>
> Well.  The issue is really that he's trying to run two separate instances
> of "mysql -p" in the same terminal at the same time.  They're competing
> for the same input stream, and that never works well.
>
> There is no "normal behavior" among programs that accept a password for
> authentication.  Some of them open /dev/tty directly.  Some of them
> read from standard input.  Some of them accept a password in a command
> line argument, or in an environment variable -- both of which are bad.
>
> >    Secondly both mysqldump  and mysql start at the same time and can
> >    potentially be reading the password also at the same time.
>
> (You described multiple stdin readers here.  I won't repeat that part.)
>
> >    basically you should give the password on the command line to mysql.
> >    something like
> >    read -sp "Password:" Password
> >    mysqldump -u someuser --password ${Password} -p somedb | mysql -u
> >    someuser --password ${Password} -p -D someotherdb
>
> First: use more quotes.  "$Password", not ${Password} or $Password.
>
> Second: passing the password (which is presumably supposd to remain
> secret) on the command line allows it to be visible to every user on
> the system.  On 99% of Unix systems in the world, anyway.  There are
> undoubtedly some small number where user can't run "ps -ef", or where
> they get limited output from it, but you shouldn't assume.
>
> There may be some setups where this solution is adequate, once it's
> been quoted correctly.  In most setups, it is unsafe.  It's up to Jason
> to decide whether his setup can permit this.
>
> I'd ask a mysql list for advice with this.  It's not something that can
> be generalized across applications.
>


reply via email to

[Prev in Thread] Current Thread [Next in Thread]