>Description: I have just installed mysql 3.23.33 on my system and was testing the mysqldump command as per the manual. I have not created any new databases. When I run mysqldump with the --tab option, the *.txt files created are world read/writable. This is a serious security issue that world writeable files are created (especially user.txt when dumping mysql). I have traced this back to line 935 of mysqldump.c where the SQL string with the INTO OUTFILE is created. >How-To-Repeat: I have followed the setup examples as per the documentation: * as root, create the 'mysql' user and group * as root chown ownership & group to 'mysql' for the mysql installation * as mysql user, create initial databases: mysql@lager% ./bin/mysql_install_db * copied mysql.server startup script to /etc/init.d. Added a bit more security so that safe_mysqld now has the --user=mysql option. (I would have liked to use the --secure & --safe-show-database options as described in the manual, but they are not supported by this version of mysqld.) * start mysqld by running /etc/init.d/mysql.server as *root*: root@lager# /etc/init.d/mysql.server start Starting mysqld daemon with databases from /usr/local/pkgs/mysql-3.23.33/var mysql@lager% ps -ef|grep mysqld root 17014 1 0 22:54:34 pts/3 0:00 /bin/sh /usr/local/pkgs/mysql-3.23.33/bin/safe_mysqld --user=mysql --datadir=/u mysql 17031 17014 0 22:54:34 pts/3 0:00 /usr/local/pkgs/mysql-3.23.33/libexec/mysqld --basedir=/usr/local/pkgs/mysql-3. * Note that the shell umask for these users is sensible: mysql@lager% umask 022 root@lager# umask 002 * I select from a table and write the results to a file: mysql@lager% ./bin/mysql -u root -p mysql Enter password: ******** mysql> select * from user into outfile '/tmp/umask.test1'; Query OK, 4 rows affected (0.00 sec) mysql> quit Bye mysql@lager% ls -l /tmp/umask.test1 -rw-rw-rw- 1 mysql mysql 192 Mar 8 23:26 /tmp/umask.test1 * Now I set my environment variable of UMASK to 022 for both the root and mysql user and restart the daemon. mysql@lager% UMASK=384 ; export UMASK root@lager% UMASK=384 ; export UMASK root@lager# /etc/init.d/mysql.server start (note that I have also tried values of 022 for UMASK) * I select from a table and write the results to a file: mysql@lager% ./bin/mysql -u root -p mysql Enter password: ******** mysql> select * from user into outfile '/tmp/umask.test2'; Query OK, 4 rows affected (0.00 sec) mysql> quit Bye mysql@lager% ls -l /tmp/umask.test2 -rw-rw-rw- 1 mysql mysql 192 Mar 8 23:30 /tmp/umask.test2 * If the file exists with different permissions before an INTO OUTFILE is called, the file's permissions change to world read/writeable after INTO OUTFILE is called. * Note - I have also seen this behaviour with MySQL version 3.22.32 >Fix: The quick fix I can think of is to change permissions on the dump directory so no-one else can read it. Also, immediately after running the dump, chmod the files back to something a bit better. But these are just workarounds and only applies to dumps and not any other writing to files. The problem may lie in libmysql/my_open.c where the open is called. Otherwise, it looks like the code issue may be when the umask is set in line 95 of libmysql/my_init.c. The logic tests for the UMASK environment variable to be there and sets my_umask to octal version of the env var or 0600. Very sensible, but what happens if UMASK environmrnt variable is not defined at all? This code does nothing. Not that the umask is being set correctly anyway. Either way, I am way out of my depth with C code. I wouldn't really know what to do from here. >Submitter-Id: <submitter ID> >Originator: John Warburton >Organization: Uniq Advances >MySQL support: none >Synopsis: INTO OUTFILE 'filename' creates world writeable files >Severity: serious >Priority: medium >Category: mysql >Class: sw-bug >Release: mysql-3.23.33 (Source distribution) >Environment: System: SunOS lager 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-5_10 Architecture: sun4 Some paths: /usr/local/bin/perl /usr/ccs/bin/make /usr/local/bin/gcc GCC: Reading specs from /usr/local/pkgs/gcc-2.95.2-SunOS5.7/lib/gcc-lib/sparc-sun-solaris2.7/2.95.2/specs gcc version 2.95.2 19991024 (release) Compilation info: CC='gcc' CFLAGS='' CXX='gcc' CXXFLAGS='' LDFLAGS='' LIBC: -rw-r--r-- 1 bin bin 1696732 Apr 27 2000 /lib/libc.a lrwxrwxrwx 1 root root 11 May 6 2000 /lib/libc.so -> ./libc.so.1 -rwxr-xr-x 1 bin bin 1115336 Apr 27 2000 /lib/libc.so.1 -rw-r--r-- 1 bin bin 1696732 Apr 27 2000 /usr/lib/libc.a lrwxrwxrwx 1 root root 11 May 6 2000 /usr/lib/libc.so -> ./libc.so.1 -rwxr-xr-x 1 bin bin 1115336 Apr 27 2000 /usr/lib/libc.so.1 Configure command: ./configure --with-unix-socket-path=/var/tmp/mysql.sock --with-low-memory --with-mit-threads=yes --without-perl --enable-thread-safe-client --without-berkeley-db --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php