From 1522deafdad1d34562d8daa21ba218fc8f395d83 Mon Sep 17 00:00:00 2001
From: Gabriel Filion <gabster@lelutin.ca>
Date: Wed, 13 May 2015 16:02:36 -0400
Subject: mysql root password is leaked to the process list

Every time the root password reset is used we're leaking the password to
the process list. If we use the already present /root/.my.cnf for
credentials then it has the same effect for verification and we avoid
leaking the password.
---
 files/scripts/CentOS/setmysqlpass.sh   | 2 +-
 files/scripts/CentOS/setmysqlpass.sh.5 | 2 +-
 files/scripts/CentOS/setmysqlpass.sh.6 | 2 +-
 files/scripts/Debian/setmysqlpass.sh   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'files')

diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh
index 6876cb9..62b5b2f 100644
--- a/files/scripts/CentOS/setmysqlpass.sh
+++ b/files/scripts/CentOS/setmysqlpass.sh
@@ -24,7 +24,7 @@ must_have chown
 
 rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
 
-/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
+/usr/bin/mysqladmin --defaults-file=/root/.my.cnf status > /dev/null && echo "Nothing to do as the password already works" && exit 0
 
 /usr/bin/systemctl stop mariadb
 
diff --git a/files/scripts/CentOS/setmysqlpass.sh.5 b/files/scripts/CentOS/setmysqlpass.sh.5
index abd0931..b904487 100644
--- a/files/scripts/CentOS/setmysqlpass.sh.5
+++ b/files/scripts/CentOS/setmysqlpass.sh.5
@@ -4,7 +4,7 @@ test -f /root/.my.cnf || exit 1
 
 rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
 
-/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
+/usr/bin/mysqladmin --defaults-file=/root/.my.cnf status > /dev/null && echo "Nothing to do as the password already works" && exit 0
 
 /sbin/service mysqld stop
 
diff --git a/files/scripts/CentOS/setmysqlpass.sh.6 b/files/scripts/CentOS/setmysqlpass.sh.6
index abd0931..b904487 100644
--- a/files/scripts/CentOS/setmysqlpass.sh.6
+++ b/files/scripts/CentOS/setmysqlpass.sh.6
@@ -4,7 +4,7 @@ test -f /root/.my.cnf || exit 1
 
 rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
 
-/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
+/usr/bin/mysqladmin --defaults-file=/root/.my.cnf status > /dev/null && echo "Nothing to do as the password already works" && exit 0
 
 /sbin/service mysqld stop
 
diff --git a/files/scripts/Debian/setmysqlpass.sh b/files/scripts/Debian/setmysqlpass.sh
index 3de2781..aa1b701 100644
--- a/files/scripts/Debian/setmysqlpass.sh
+++ b/files/scripts/Debian/setmysqlpass.sh
@@ -25,7 +25,7 @@ must_have chown
 
 rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
 
-/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
+/usr/bin/mysqladmin --defaults-file=/root/.my.cnf status > /dev/null && echo "Nothing to do as the password already works" && exit 0
 
 /etc/init.d/mysql stop
 
-- 
cgit v1.2.3