innobackupex script shows the password in the ps output, when it's passed as a command line argument
Bug #907280 reported by Ovais Tariq
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Status tracked in 2.4 | | | |
2.3 | Fix Released | Medium | Hartmut Holzgraefe | |
2.4 | Fix Released | Medium | Hartmut Holzgraefe | |
Bug Description
innobackupex script shows the password in clear-text in the output of the 'ps' command, when the password is passed as a command-line argument.
Changed in percona-xtrabackup:
status: New → Confirmed
assignee: nobody → Alexey Kopytov (akopytov)
Changed in percona-xtrabackup:
status: Confirmed → In Progress
Changed in percona-xtrabackup:
assignee: Alexey Kopytov (akopytov) → nobody
I don't see a way to fix this reliably. It is possible to change the process title that appears in ps output on some operating systems to hide the password. But:
- there will always be a relatively short period of time after the process is started and before the title is changed, when the password will still be visible in ps.
- it's not portable
- even after innobackupex changes the process title for its own process, it still calls the mysql command line client later with the same password on the command line, which has the same problem.
So it will just give a false sense of security, which is known to be even worse than a lack of security.
The only alternative to not have the password visible in ps is to add it to my.cnf and use that file with innobackupex. In case the configuration file containing the password must have different access attributes than the main my.cnf, the solution proposed in bug #740489 should work (which is a feature request for an additional configuration file to be passed as --default-extra-file).
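
The option-file alternative described in the comment above, as an added example that is not part of the original bug report or of Percona's code: one function writes a `[client]` option file from a password read on stdin, so the secret never appears in any process's argument list, and a second function checks that such a file is private before it is used. The function names, the file layout and the use of GNU `stat` (Linux) are assumptions.

```bash
#!/usr/bin/env bash
# Added example; function names and paths are hypothetical.

# write_client_cnf PATH USER   (password is read from stdin, never from argv)
# printf is a shell builtin, so the secret is not placed in the argument
# list of any process while the file is written.
write_client_cnf() {
    local path=$1 user=$2 password
    IFS= read -r password || [ -n "$password" ] || return 1
    (
        umask 077   # new file gets mode 0600
        set -C      # noclobber: refuse to reuse an existing, possibly looser file
        # Note: values containing '#' or quotes need option-file quoting (not handled).
        printf '[client]\nuser=%s\npassword=%s\n' "$user" "$password" > "$path"
    )
}

# check_private PATH
# Succeeds only for a regular file (no symlink) owned by the current user
# with no group/other permission bits. Uses GNU stat (assumption: Linux).
check_private() {
    local path=$1 mode owner
    [ -f "$path" ] && [ ! -L "$path" ] || return 1
    mode=$(stat -c '%a' "$path") || return 1
    owner=$(stat -c '%u' "$path") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        *00) return 0 ;;   # e.g. 600 or 400
        *)   return 1 ;;
    esac
}
```

A backup wrapper would call `check_private` on the option file and abort when it fails, rather than falling back to a password on the command line.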