[debian-mysql] Bug#742046: mysql-server: please add a debconf variable to identify root using the 'auth_socket' plugin

Guilhem Moulin guilhem@guilhem.org
Tue Mar 18 16:05:23 UTC 2014


Package: mysql-server
Version: 5.5.35+dfsg-2
Severity: normal

Dear Maintainer,

When installing a MySQL server in a non-interactive environment (for
instance using a configuration manager):

  DEBIAN_FRONTEND=noninteractive apt-get install mysql-server

The post-install hook currently creates a root user without a password, making
any local user able to connect as root:

  guilhem@fresti:~$ mysql -u root mysql
  […]
  mysql> SELECT user,host,password,plugin FROM user;
  +------------------+-----------+-------------------------------------------+--------+
  | user             | host      | password                                  | plugin |
  +------------------+-----------+-------------------------------------------+--------+
  | root             | localhost |                                           |        |
  | root             | fresti    |                                           |        |
  | root             | 127.0.0.1 |                                           |        |
  | root             | ::1       |                                           |        |
  | debian-sys-maint | localhost | *0B79A0000E943CB9D2719FACD42B17D2550398AB |        |
  +------------------+-----------+-------------------------------------------+--------+

Since as far as I'm concerned I don't have a use-case where a user should
connect to MySQL as root unless she already has UNIX root privileges, I would
like to use the Socket Peer-Credential Authentication Plugin [1].

Of course I could manually remove all hosts that are not ‘localhost’ and force
authentication using said plugin:

  mysql> DROP USER 'root'@'fresti';
  mysql> DROP USER 'root'@'127.0.0.1';
  mysql> DROP USER 'root'@'::1';
  mysql> INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
  mysql> UPDATE user SET plugin = 'auth_socket', password = '' WHERE user = 'root' AND host = 'localhost';
  mysql> FLUSH PRIVILEGES;
  mysql> SELECT user,host,password,plugin FROM user;
  +------------------+-----------+-------------------------------------------+-------------+
  | user             | host      | password                                  | plugin      |
  +------------------+-----------+-------------------------------------------+-------------+
  | root             | localhost |                                           | auth_socket |
  | debian-sys-maint | localhost | *0B79A0000E943CB9D2719FACD42B17D2550398AB |             |
  +------------------+-----------+-------------------------------------------+-------------+
  mysql> QUIT;

  guilhem@fresti:~$ mysql -u root mysql
  ERROR 1698 (28000): Access denied for user 'root'@'localhost'

However, the race condition opens an obvious insecure window, during which any
user can connect as root and (for instance) add another MySQL user and GRANT it
ALL PRIVILEGES.


IMHO the best way to overcome the issue would be to add a debconf variable to
force Socket Peer-Credential Authentication for the root user.  (Or perhaps
that should be the default when the password is left blank?  Or perhaps even
the password should be disabled by default, and only activated if explicitly
asked at the installation?)

Thanks!
Cheers,
-- 
Guilhem.

[1] https://dev.mysql.com/doc/refman/5.5/en/socket-authentication-plugin.html

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (800, 'testing'), (700, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.13-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mysql-server depends on:
ii  mysql-server-5.5  5.5.35+dfsg-2

mysql-server recommends no packages.

mysql-server suggests no packages.

-- no debconf information
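The following is an added example, not part of the bug report or of the Debian mysql-server package. It turns the manual fix above into a check that can be scripted: it parses the tab-separated output of `mysql --batch -e "SELECT user,host,password,plugin FROM mysql.user"`, flags accounts that need no credential at all (empty password hash and no authentication plugin) and root rows for hosts other than localhost, and emits the same DROP USER / INSTALL PLUGIN / UPDATE / FLUSH PRIVILEGES statements the report runs by hand, so the whole fix can be fed to a single `mysql` invocation immediately after the non-interactive install. Assumptions: the 5.5-era schema with a `password` column (later servers call it `authentication_string`), the `--batch` column layout, that no host or user value contains a tab or newline, and that `INSTALL PLUGIN` is skipped when root@localhost already uses auth_socket (the plugin must be loaded in that case, and re-installing it is an error). The sample tables are constructed to mirror the report's before and after states.

```python
"""Audit mysql.user for passwordless accounts and plan the auth_socket fix.

Added example for the bug report above; not Debian's or MySQL's own code.
Assumes the MySQL 5.5 mysql.user layout (user, host, password, plugin) as
printed by `mysql --batch`, and that no field contains a tab or newline.
"""
from dataclasses import dataclass
import sys

# Constructed sample: what `mysql --batch -u root -e "SELECT user,host,password,plugin FROM mysql.user"`
# prints on a freshly installed, non-interactively configured server (mirrors the report).
SAMPLE_BEFORE = (
    "user\thost\tpassword\tplugin\n"
    "root\tlocalhost\t\t\n"
    "root\tfresti\t\t\n"
    "root\t127.0.0.1\t\t\n"
    "root\t::1\t\t\n"
    "debian-sys-maint\tlocalhost\t*0B79A0000E943CB9D2719FACD42B17D2550398AB\t\n"
)

# Constructed sample: the same query after the fix in the report has been applied.
SAMPLE_AFTER = (
    "user\thost\tpassword\tplugin\n"
    "root\tlocalhost\t\tauth_socket\n"
    "debian-sys-maint\tlocalhost\t*0B79A0000E943CB9D2719FACD42B17D2550398AB\t\n"
)

EXPECTED_COLUMNS = ["user", "host", "password", "plugin"]


@dataclass(frozen=True)
class Account:
    user: str
    host: str
    password: str   # password hash, empty when none is set
    plugin: str     # authentication plugin, empty for native password auth


def parse_batch(text):
    """Parse `mysql --batch` output (header line, then one tab-separated row per account)."""
    lines = [line for line in text.splitlines() if line != ""]
    if not lines or lines[0].split("\t") != EXPECTED_COLUMNS:
        raise ValueError("expected columns %s" % EXPECTED_COLUMNS)
    accounts = []
    for line in lines[1:]:
        fields = line.split("\t")
        if len(fields) != len(EXPECTED_COLUMNS):
            raise ValueError("malformed row: %r" % line)
        accounts.append(Account(*fields))
    return accounts


def find_passwordless(accounts):
    """Accounts usable with no credential: empty hash and no plugin doing the authentication."""
    return [a for a in accounts if a.password == "" and a.plugin == ""]


def find_remote_root(accounts):
    """root rows for anything but the UNIX-socket host; auth_socket cannot protect these."""
    return [a for a in accounts if a.user == "root" and a.host != "localhost"]


def is_hardened(accounts):
    """True when the only root row is root@localhost on auth_socket and nothing is passwordless."""
    root_rows = [a for a in accounts if a.user == "root"]
    return (len(root_rows) == 1
            and root_rows[0].host == "localhost"
            and root_rows[0].plugin == "auth_socket"
            and not find_passwordless(accounts))


def _quote(value):
    """Single-quote a value from the server, doubling any embedded quotes."""
    return "'" + value.replace("'", "''") + "'"


def plan_fix(accounts):
    """SQL statements that bring `accounts` to the hardened state; empty if nothing to do."""
    stmts = ["DROP USER %s@%s;" % (_quote(a.user), _quote(a.host)) for a in find_remote_root(accounts)]
    local_root = [a for a in accounts if a.user == "root" and a.host == "localhost"]
    # No root@localhost row at all is left alone: creating accounts is out of scope here.
    if local_root and local_root[0].plugin != "auth_socket":
        stmts.append("INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';")
        stmts.append("UPDATE mysql.user SET plugin = 'auth_socket', password = '' "
                     "WHERE user = 'root' AND host = 'localhost';")
    if stmts:
        stmts.append("FLUSH PRIVILEGES;")
    return stmts


if __name__ == "__main__":
    # Pipe real `mysql --batch` output in, or run without stdin to use the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_BEFORE
    accounts = parse_batch(text)
    for a in find_passwordless(accounts):
        print("-- passwordless: %s@%s" % (a.user, a.host))
    print("\n".join(plan_fix(accounts)) if not is_hardened(accounts) else "-- already hardened")
```

Usage: `mysql --batch -u root -e "SELECT user,host,password,plugin FROM mysql.user" | python3 audit.py | mysql -u root mysql` applies the fix in one client session; running the audit again afterwards should print only `-- already hardened`. The statements are the ones from the report; the `INSTALL PLUGIN` step is skipped when root@localhost is already on auth_socket because re-installing a loaded plugin is an error. This narrows the exposure to the moment between the package's post-install and this script, which is still the window the report asks Debian to close at install time.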