--version-check behaves like spyware
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Percona Toolkit (moved to https://jira.percona.com/projects/PT) | Fix Released | High | Daniel Nichter | |
| 2.0 | Invalid | Undecided | Daniel Nichter | |
| 2.1 | Fix Released | High | Daniel Nichter | |
| 2.2 | Fix Released | High | Daniel Nichter | |
| Percona XtraBackup (moved to https://jira.percona.com/projects/PXB) | Opinion | Undecided | Unassigned | |
Bug Description
Percona Toolkit 2.1 introduced --version-check to warn users about known vulnerabilities in the local MySQL instance and to check for PT updates. When this option is enabled - and it is enabled by default(!) - various information about the local MySQL as well as other system binaries and packages is submitted to Percona along with the server's IP address. This not only exposes possibly sensitive information, but also does so without bringing it to the user's attention or asking for their consent.
It gets worse. The configuration for what information PT tools should collect is not hardcoded in the scripts. Instead, every time it's downloaded from http://
In my opinion --version-check should never be enabled by default, and if the user wants to keep it enabled, the configuration (i.e. the list of checks) should be hardcoded and explicitly listed, not downloaded from a remote location.
Current workaround: To avoid confidential information being exposed, always use --no-version-check with every PT tool that includes the 'version-check' feature (e.g. pt-query-digest, pt-diskstats).
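The workaround above has to be remembered on every invocation; the script below, an added example that is not part of the bug report or of Percona's own code, instead records it once in the toolkit's configuration file and verifies the result. It assumes the documented config-file mechanism (tools read /etc/percona-toolkit/percona-toolkit.conf and ~/.percona-toolkit.conf, one option per line with "#" comments) and that options are written there without the leading "--"; lines carrying the dashes are tolerated as well.

```shell
# Added example (not from the bug report): make --no-version-check the
# host-wide default for Percona Toolkit tools and check that it took effect.
# Assumption: config files use one option per line, "#" comments, and the
# option name without "--" (dashed spellings are also accepted here).

# Normalise one config line: drop comment, surrounding space, leading dashes.
pt_conf_directive() {
    line="${1%%#*}"
    printf '%s' "$line" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^--*//'
}

# Return 0 if the last relevant directive in FILE disables --version-check,
# 1 if the file is missing or leaves it enabled (the default, per the report).
# A later "version-check" line re-enables it, so the last directive wins.
version_check_disabled() {
    conf="$1"
    [ -f "$conf" ] || return 1
    state="on"
    while IFS= read -r raw || [ -n "$raw" ]; do
        case "$(pt_conf_directive "$raw")" in
            no-version-check) state="off" ;;
            version-check)    state="on"  ;;
        esac
    done < "$conf"
    [ "$state" = "off" ]
}

# Append no-version-check to FILE unless it already disables the check;
# returns 0 when the file disables the check afterwards.
disable_version_check() {
    conf="$1"
    if ! version_check_disabled "$conf"; then
        printf '%s\n' '# keep PT tools from submitting host details' \
                      'no-version-check' >> "$conf"
    fi
    version_check_disabled "$conf"
}

# Apply to the per-user file only when PT_CONF is set, e.g.
#   PT_CONF="$HOME/.percona-toolkit.conf" sh ./pt-no-version-check.sh
if [ -n "${PT_CONF:-}" ]; then
    disable_version_check "$PT_CONF" && echo "version-check disabled in $PT_CONF"
fi
```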
description: updated
description: updated
summary: "Percona Toolkit behaves like spyware" → "VersionCheck behaves like spyware"
Changed in percona-toolkit:
assignee: nobody → Daniel Nichter (daniel-nichter)
tags: added: all-tools version-check
summary: "VersionCheck behaves like spyware" → "--version-check behaves like spyware"
Adding XtraBackup as an affected project. I agree, the decision to enable VersionCheck by default in PXB was dubious. I see no problems in reverting it if many people are unhappy about the current behavior.