SST auth password should not be exposed to 'ps'

Bug #1200727 reported by Jay Janssen on 2013-07-12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MySQL patches by Codership
Percona XtraDB Cluster moved to
Fix Released
Raghavendra D Prabhu

Bug Description


10960 pts/1 S+ 0:00 | \_ /bin/sh /etc/init.d/mysql start
10969 pts/1 S+ 0:00 | \_ /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --pid-file=/var/lib/mysql/
11230 pts/1 Sl+ 0:00 | | \_ /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/lib/mysql/error.log --pid-file=/var/lib/mysql/ --wsrep_start_position=000000
11245 pts/1 S+ 0:00 | | \_ /bin/bash -ue /usr//bin/wsrep_sst_xtrabackup --role joiner --address --auth sst:secret --datadir /var/lib/mysql/ --defaults-file /etc/my.cnf --parent 11230
11301 pts/1 S+ 0:00 | | \_ perl /usr//bin/innobackupex --defaults-file=/etc/my.cnf --apply-log /var/lib/mysql/
11322 pts/1 Sl+ 0:00 | | \_ xtrabackup_55 --defaults-file=/etc/my.cnf --defaults-group=mysqld --prepare --target-dir=/var/lib/mysql --tmpdir=/tmp

Can the 'secret' be masked there?

Jay Janssen (jay-janssen) wrote :

Also in the error log:

130712 12:24:22 [Note] WSREP: Running: 'wsrep_sst_xtrabackup --role 'donor' --address '' --auth 'sst:secret' --socket '/var/lib/mysql/mysql.sock' --datadir '/var/lib/mysql/' --defaults-file '/etc/my.cnf' --gtid '84da6d43-eb0e-11e2-b856-f2edc1eccf76:0''

Doing it in error log should be trivial, however, doing it for wsrep_sst_xtrabackup requires doing it with setproctitle(3) from libbsd.

Changed in percona-xtradb-cluster:
milestone: none → 5.5.32-23.7.6
status: New → Triaged
assignee: nobody → Raghavendra D Prabhu (raghavendra-prabhu)

a) The joiner doesn't need the sst auth in first place (since auth happens on donor).

b) The donor doesn't need to pass wsrep_sst_xtrabackup the user:password either. The wsrep_sst_common can directly parse the my.cnf file.

c) There already seems to be some masking present with sst_auth_real / wsrep_sst_auth but that doesn't seem to be working.

#b is the easiest fix for this, but also requires fixing in to not pass user:pass

Since the wsrep_sst_auth option may be provided during
testing/RQG, I will keep the option, instead another option:
wsrep_sst_auth can be added under [sst] (but not under [mysqld]) which can be read by
wsrep_sst_common without that showing up in ps.

I have fixed this in PXC, however, note that innobackupex still shows user/pass in ps output.

To prevent this, you need to pass it user/pass (like always) under [client] in my.cnf (and only there), innobackupex can read it from there.

Refer to for more details.

Changed in percona-xtradb-cluster:
status: Triaged → Fix Committed
Changed in percona-xtradb-cluster:
status: Fix Committed → Fix Released

Percona now uses JIRA for bug reports so this bug report is migrated to:

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers