dbconsole support password passing through /dev/fd/
Reported by Stephan Wehner | May 24th, 2009 @ 05:32 AM | in 3.x
A comment to the article at
http://dev.mysql.com/doc/refman/5.0/en/password-security-user.html
describes how one can pipe the password to mysql, instead of exposing it to other users by placing the password in the argument list when exec'ing the mysql executable. Currently script/dbconsole offers the -p / --include-password option, so that the user will not inadvertently disclose their password.
On systems that allow pipes (most UNIX) and have the necessary /dev/fd filesystem support, this -p option is not needed, while the password can still be provided to mysql. This is the motivation for the submitted patch. The implementation checks for compatibility and uses the feature if it is supported (ignoring the -p option).
In making this change, I found it quite involved, and so I split up all of the existing adapter code into separate ...Console classes.
I also added some new command line options. With this patch the options are
$ script/dbconsole -h
Usage: script/dbconsole [options] [environment] [database.yml]
Default environment is development
Default database.yml file is config/database.yml
Specific options:
-x, --executable EXECUTABLE executable to use. Defaults are sqlite, sqlite3, psql, mysql
-p, --include-password mysql/postgresql only: Automatically provide the password from database.yml
--mycnf mysql only: Just output my.cnf file
--mode [MODE] sqlite3 only: put the database in the specified mode (html, list, line, column)
--[no-]header sqlite3 only: Turn headers on or off
-v, --[no-]verbose Run verbosely
-h, --help Show this help message
In particular -h is now "help", and not "header". See comment to CommandLineInterfaceTest#test_help_option.
I added unit tests, and a new Rake task test:dbconsole to run these.
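The mechanism the ticket relies on (and which the September 20th comment spells out: the mysql argument list is readable by other users, a pipe exposed as /dev/fd/N is not) can be shown in a few lines of Ruby. The block below is an added example written for this page; it is not the submitted patch and not Rails' dbconsole code. DATABASE_CONFIG is a constructed stand-in for one environment block of config/database.yml, and mysql_option_file, mysql_argv, dev_fd_supported? and run_with_option_file_fd are hypothetical names chosen here. It renders a my.cnf-style [client] section, writes it into a pipe, and builds the mysql argument list around --defaults-extra-file=/dev/fd/N, so the only thing visible in the process table is the /dev/fd path.

```ruby
#!/usr/bin/env ruby
# Added example, not the ticket's patch: hand a MySQL password to the client
# through an inherited pipe exposed as /dev/fd/N, so that the password never
# appears on the mysql argument list (which `ps` shows to every local user).

# Constructed sample standing in for one environment of config/database.yml.
DATABASE_CONFIG = {
  'adapter'  => 'mysql',
  'username' => 'app',
  'password' => 'hunter2-sample',
  'host'     => '127.0.0.1',
  'database' => 'app_development',
}.freeze

# Render the [client] section of a my.cnf-style option file (hypothetical helper).
# Only keys mysql accepts in an option file are emitted; the database name is
# passed as a positional argument instead.
def mysql_option_file(config)
  lines = ['[client]']
  %w[username password host port socket].each do |key|
    next unless config[key]
    name = key == 'username' ? 'user' : key
    lines << "#{name}=#{config[key]}"
  end
  lines.join("\n") + "\n"
end

# /dev/fd exists on Linux, the BSDs and macOS. Without it a caller has to fall
# back to mysql's own interactive password prompt.
def dev_fd_supported?
  File.directory?('/dev/fd')
end

# mysql argument list given the /dev/fd path of the option file (hypothetical
# helper). --defaults-extra-file has to be the first option, so it is placed
# directly after the executable.
def mysql_argv(config, option_file_path, executable = 'mysql')
  argv = [executable, "--defaults-extra-file=#{option_file_path}"]
  argv << config['database'] if config['database']
  argv
end

# Run a command whose argv the block builds from the /dev/fd path of a pipe
# carrying `content`. Returns [argv, stdout, exit status]. Anyone inspecting
# the process table sees only /dev/fd/N in the child's argument list.
def run_with_option_file_fd(content)
  raise 'this system does not expose open descriptors under /dev/fd' unless dev_fd_supported?

  reader, writer = IO.pipe
  writer.write(content)        # a few lines: fits comfortably in the pipe buffer
  writer.close                 # the child reads up to EOF
  argv = yield("/dev/fd/#{reader.fileno}")

  out_r, out_w = IO.pipe
  # `reader => reader` lets that descriptor survive exec under the same number;
  # every other non-standard fd stays private to the parent (close-on-exec).
  pid = Process.spawn(*argv, reader => reader, out: out_w)
  out_w.close
  reader.close
  output = out_r.read
  out_r.close
  _, status = Process.wait2(pid)
  [argv, output, status.exitstatus]
end

if __FILE__ == $PROGRAM_NAME
  # `cat` stands in for mysql so the script runs anywhere: it prints back the
  # option file it received through /dev/fd/N.
  argv, received, = run_with_option_file_fd(mysql_option_file(DATABASE_CONFIG)) { |path| ['cat', path] }
  puts "child argv: #{argv.join(' ')}"
  puts received
  puts "mysql would be started as: #{mysql_argv(DATABASE_CONFIG, '/dev/fd/N').join(' ')}"
end
```

Running the script prints the option file exactly as the child read it, while the child's argv contains nothing but the /dev/fd path. The check in run_with_option_file_fd is the compatibility test the ticket describes: where /dev/fd is absent the caller should not silently fall back to putting the password on the command line.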
Comments and changes to this ticket
-
Stephan Wehner May 25th, 2009 @ 02:41 PM
- Tag changed from dbconsole, mysql, patch to dbconsole, mysql, patch, security
-
Stephan Wehner May 26th, 2009 @ 05:12 PM
Ticket
asks about dbconsole using the database_configuration_file in config/environment.rb. This may be half-way accomplished through the option of this patch to specify the database.yml on the command line.
-
CancelProfileIsBroken August 6th, 2009 @ 02:55 PM
- Tag changed from dbconsole, mysql, patch, security to bugmash, dbconsole, mysql, patch, security
-
Elad Meidar August 9th, 2009 @ 06:49 PM
I didn't quite understand how to reproduce this ticket, pointers?
-
Stephan Wehner September 20th, 2009 @ 05:18 AM
The point of this ticket is that the implementation of dbconsole's -p option, in the mysql case, is not as safe as it could be.
The idea of the -p option is that the database password is available when reading the config/database.yml file, and so the
user should not have to provide it. The implementation before this patch uses mysql's command line switch -p ... in other words, the password is passed to the mysql process through its argument list.
In general, the argument list of a process is not protected on Unix systems, and can be obtained by any other process.
In other words, the password is left to float around in plaintext in the system. Not a good idea!
So this patch provides a different, hopefully safer solution. It is based on the comment to the article at
http://dev.mysql.com/doc/refman/5.0/en/password-security-user.html
(as the description of this ticket begins with.)
-
John Pignata September 24th, 2009 @ 02:13 PM
-1 This is a very involved change for a small security gain. It would probably be best to inform users via the --help msg that using -p could have security implications.
-
Stephan Wehner September 30th, 2009 @ 09:29 PM
I believe it's good to make use of operating system features. I don't think I would judge the security gain as small.
The change is involved mostly because it includes unit tests, and the corresponding, new, "units".
Should be good also for future changes to have these tests.
-
Rizwan Reza February 12th, 2010 @ 12:46 PM
- Tag changed from bugmash, dbconsole, mysql, patch, security to dbconsole, mysql, patch, security
-
Rohit Arondekar June 15th, 2010 @ 10:45 AM
- Assigned user set to Rizwan Reza
Looks like this ticket can be closed?
-
Rizwan Reza September 6th, 2010 @ 10:39 PM
- State changed from new to wontfix
- Importance changed from to