Bug #18163964 PASSWORD IS VISIBLE WHILE CHANGING IT FROM

MYSQLADMIN IN PROCESSES LIST Description: Checking the process status (with ps -ef) while executing "mysqladmin" with old password and new password via command-line will show the new password in the process list sporadically. Analysis: The old password is being masked by "mysqladmin". So masking the new password in the similar manner would reduce hitting the bug. But this would not completely fix the bug, because if "ps -ef " command hits the mysqladmin before it masks the passwords it will show both the old and new passwords in the process list. But the chances of hitting this is very less. Fix: The new password also masked in the similar manner that of the --password argument.

Bug #18163964 PASSWORD IS VISIBLE WHILE CHANGING IT FROM
MYSQLADMIN IN PROCESSES LIST Description: Checking the process status (with ps -ef) while executing "mysqladmin" with old password and new password via command-line will show the new password in the process list sporadically. Analysis: The old password is being masked by "mysqladmin". So masking the new password in the similar manner would reduce hitting the bug. But this would not completely fix the bug, because if "ps -ef " command hits the mysqladmin before it masks the passwords it will show both the old and new passwords in the process list. But the chances of hitting this is very less. Fix: The new password also masked in the similar manner that of the --password argument.
2dbebf77 · Arun Kuruvila · 10978e0a · 2dbebf77
Commit 2dbebf77 authored May 16, 2014 by Arun Kuruvila
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 4 deletions

client/mysqladmin.cc client/mysqladmin.cc +56 -4

No files found.
--- a/client/mysqladmin.cc
+++ b/client/mysqladmin.cc
 /*
-   Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -71,6 +71,7 @@ extern "C" my_bool get_one_option(int optid, const struct my_option *opt,
                                  char *argument);
 static my_bool sql_connect(MYSQL *mysql, uint wait);
 static int execute_commands(MYSQL *mysql,int argc, char **argv);
+static char **mask_password(int argc, char ***argv);
 static int drop_db(MYSQL *mysql,const char *db);
 extern "C" sig_handler endprog(int signal_number);
 static void nice_time(ulong sec,char *buff);
@@ -304,9 +305,9 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),

 int main(int argc,char *argv[])
 {
-  int error= 0, ho_error;
+  int error= 0, ho_error, temp_argc;
  MYSQL mysql;
-  char **commands, **save_argv;
+  char **commands, **save_argv, **temp_argv;

  MY_INIT(argv[0]);
  mysql_init(&mysql);
@@ -318,6 +319,9 @@ int main(int argc,char *argv[])
    free_defaults(save_argv);
    exit(ho_error);
  }
+  temp_argv= mask_password(argc, &argv);
+  temp_argc= argc;
+
  if (debug_info_flag)
    my_end_arg= MY_CHECK_ERROR | MY_GIVE_INFO;
  if (debug_check_flag)
@@ -328,7 +332,7 @@ int main(int argc,char *argv[])
    usage();
    exit(1);
  }
-  commands = argv;
+  commands = temp_argv;
  if (tty_password)
    opt_password = get_tty_password(NullS);

@@ -476,6 +480,13 @@ int main(int argc,char *argv[])
  my_free(shared_memory_base_name);
 #endif
  free_defaults(save_argv);
+  temp_argc--;
+  while(temp_argc >= 0)
+  {
+    my_free(temp_argv[temp_argc]);
+    temp_argc--;
+  }
+  my_free(temp_argv);
  my_end(my_end_arg);
  exit(error ? 1 : 0);
  return 0;
@@ -1089,6 +1100,47 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
  return 0;
 }

+/**
+   @brief Masking the password if it is passed as command line argument.
+
+   @details It works in Linux and changes cmdline in ps and /proc/pid/cmdline,
+            but it won't work for history file of shell.
+            The command line arguments are copied to another array and the
+            password in the argv is masked. This function is called just after
+            "handle_options" because in "handle_options", the agrv pointers
+            are altered which makes freeing of dynamically allocated memory
+            difficult. The password masking is done before all other operations
+            in order to minimise the time frame of password visibility via cmdline.
+
+   @param argc            command line options (count)
+   @param argv            command line options (values)
+
+   @return temp_argv      copy of argv
+*/
+
+static char **mask_password(int argc, char ***argv)
+{
+  char **temp_argv;
+  temp_argv= (char **)(my_malloc(sizeof(char *) * argc, MYF(MY_WME)));
+  argc--;
+  while (argc > 0)
+  {
+    temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
+    if (find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_PASSWORD ||
+        find_type((*argv)[argc - 1],&command_typelib, FIND_TYPE_BASIC) == ADMIN_OLD_PASSWORD)
+    {
+      char *start= (*argv)[argc];
+      while (*start)
+        *start++= 'x';
+      start= (*argv)[argc];
+      if (*start)
+        start[1]= 0;                         /* Cut length of argument */
+     }
+    argc--;
+  }
+  temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE));
+  return(temp_argv);
+}

 static void print_version(void)
 {