oss-sec mailing list archives

Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool


From: Solar Designer <solar () openwall com>
Date: Tue, 4 Feb 2020 13:27:11 +0100

On Tue, Feb 04, 2020 at 11:26:04AM +0100, Matthias Gerstner wrote:
> For Deb/RPM packaging MariaDB continues to suggest to use the following
> dir and file modes [2], [3]:
>
> mysql:root  0700 /usr/lib/mysql/plugin/auth_pam_tool_dir
>  root:root 04755 /usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
>
> I personally suggest the following directory mode instead:
>
> root:mysql  0750 /usr/lib/mysql/plugin/auth_pam_tool_dir

Why not simply

root:mysql 04710 /usr/lib/mysql/plugin/auth_pam_tool

without the directory?  I see only one reason: it's a bigger change
relative to the current implementation, which is more work now, but
perhaps this cleanup is worth it longer-term.

The approach with a directory (or several) is sometimes useful to limit
access to a file yet avoid use of ACLs, but the case above looks simple
enough not to require this complication.
 
Alexander
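
The three layouts discussed in this message, compared in an added example that is not part of the original post or of MariaDB's code. It models only the classic owner/group/other bits (no ACLs, root ignored); the accounts, the group membership and the root:root 0755 parent directory for the single-file layout are assumptions.

```python
# Added example: models the three ownership/mode layouts quoted in the thread.
# Constructed data. Assumptions: the account "mysql" is in group "mysql" only,
# "alice" is an unrelated local user, and the plugin directory that would hold
# the single-file layout is root:root 0755.
ACCOUNTS = {"mysql": {"mysql"}, "alice": {"users"}}
LAYOUTS = {
    "packaging":   {"dir": ("mysql", "root", 0o0700), "file": ("root", "root", 0o4755)},
    "dir_0750":    {"dir": ("root", "mysql", 0o0750), "file": ("root", "root", 0o4755)},
    "single_file": {"dir": ("root", "root", 0o0755), "file": ("root", "mysql", 0o4710)},
}
W, X = 2, 1  # write and execute/search bits within one rwx triplet


def perms(entry, user):
    """Return the rwx triplet that applies to `user`: owner, else group, else other."""
    owner, group, mode = entry
    if user == owner:
        return (mode >> 6) & 7
    if group in ACCOUNTS[user]:
        return (mode >> 3) & 7
    return mode & 7


def can_run(layout, user):
    """Needs search permission on the directory and execute permission on the helper."""
    return bool((perms(layout["dir"], user) & X) and (perms(layout["file"], user) & X))


def can_replace(layout, user):
    """Write plus search on the containing directory allows unlink/rename/create there."""
    return (perms(layout["dir"], user) & (W | X)) == (W | X)


def assess(name):
    """Map each account to (can run the setuid helper, can replace the file at its path)."""
    layout = LAYOUTS[name]
    return {user: (can_run(layout, user), can_replace(layout, user)) for user in ACCOUNTS}


if __name__ == "__main__":
    for name in LAYOUTS:
        print(f"{name:12} (run, replace) -> {assess(name)}")
```

Under these assumptions the 0750 directory layout and the single 04710 file give identical results for both accounts, while only the mysql-owned 0700 directory leaves the helper's path replaceable by the mysql account.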

