[debian-mysql] Bug#850216: mysql-server-5.6: Listens on * by default after installation (related to use of alternatives)
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 5 06:07:55 UTC 2017
Source: mysql-5.6
Version: 5.6.30-1
Severity: grave
Tags: security
Justification: user security hole
Hi
When installing myssql-server-5.6 in stretch and sid, then mysqld is
started and listend not binding on localhost only, but listen on *.
tcp LISTEN 0 80 :::mysql :::* users:(("mysqld",pid=2810,fd=10))
This issue seems related to the switch to use the alternatives system for my.cnf, now mysql-5.6 as well picking the mariadb.cnf in auto mode.
That one includes
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/
and thus the installation ends without
bind-address = 127.0.0.1
Regards,
Salvatore
More information about the pkg-mysql-maint
mailing list