<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Solar Designer <solar () openwall com>
Date: Tue, 4 Feb 2020 13:27:11 +0100
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On Tue, Feb 04, 2020 at 11:26:04AM +0100, Matthias Gerstner wrote:
> For Deb/RPM packaging MariaDB continues to suggest to use the following
> dir and file modes [2], [3]:
>
> mysql:root 0700 /usr/lib/mysql/plugin/auth_pam_tool_dir
> root:root 04755 /usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
>
> I personally suggest the following directory mode instead:
>
> root:mysql 0750 /usr/lib/mysql/plugin/auth_pam_tool_dir

Why not simply

root:mysql 04710 /usr/lib/mysql/plugin/auth_pam_tool

without the directory? I see only one reason: it's a bigger change
relative to the current implementation, which is more work now, but
perhaps this cleanup is worth it longer-term.

The approach with a directory (or several) is sometimes useful to limit
access to a file yet avoid use of ACLs, but the case above looks simple
enough not to require this complication.

Alexander
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
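An added example, not part of the original message or of MariaDB's packaging: a Python check that applies one assumed policy (only root may alter the helper or its restricting directory, and only root and the mysql group may execute it) to the three owner/mode layouts quoted in the message above. The names `Entry`, `stat_chain` and `audit`, and the uid/gid 999 for mysql, are assumptions made for illustration.

```python
import os
import stat
from collections import namedtuple

# One path component: owner uid, group gid, permission bits incl. setuid.
Entry = namedtuple("Entry", "path uid gid mode")

def stat_chain(paths):
    """Read Entries from real paths (restricting directories first, helper last)."""
    return [Entry(p, s.st_uid, s.st_gid, stat.S_IMODE(s.st_mode))
            for p, s in ((p, os.lstat(p)) for p in paths)]

def audit(chain, trusted_gid):
    """Return findings for a setuid-root helper; an empty list means OK.

    Assumed policy (not stated by the page): only root may alter the helper
    or the directories in chain; only root and trusted_gid may execute it.
    """
    *dirs, helper = chain
    findings = []
    for d in dirs:
        if d.uid != 0:
            # A directory's owner can rename, delete and create entries in it.
            findings.append(f"{d.path}: non-root owner can replace entries")
        if d.mode & stat.S_IWOTH or (d.mode & stat.S_IWGRP and d.gid != 0):
            findings.append(f"{d.path}: writable by group or others")
    if helper.uid != 0 or not helper.mode & stat.S_ISUID:
        findings.append(f"{helper.path}: not a setuid-root file")
    if helper.mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{helper.path}: writable by group or others")
    # Others reach the helper only if it and every listed directory grant o+x.
    if all(e.mode & stat.S_IXOTH for e in chain):
        findings.append(f"{helper.path}: executable by any local user")
    if helper.mode & stat.S_IXGRP and helper.gid not in (0, trusted_gid):
        findings.append(f"{helper.path}: executable by an untrusted group")
    return findings

MYSQL = 999  # constructed uid/gid for the mysql account
PLUGIN = "/usr/lib/mysql/plugin"
TOOL_DIR = PLUGIN + "/auth_pam_tool_dir"
# The three layouts from the message; only the components it names are listed.
LAYOUTS = {
    "packaging": [Entry(TOOL_DIR, MYSQL, 0, 0o700),
                  Entry(TOOL_DIR + "/auth_pam_tool", 0, 0, 0o4755)],
    "root_owned_dir": [Entry(TOOL_DIR, 0, MYSQL, 0o750),
                       Entry(TOOL_DIR + "/auth_pam_tool", 0, 0, 0o4755)],
    "single_file": [Entry(PLUGIN + "/auth_pam_tool", 0, MYSQL, 0o4710)],
}

if __name__ == "__main__":
    for name, chain in LAYOUTS.items():
        print(name, audit(chain, MYSQL) or "OK")
```

On an installed system, `audit(stat_chain([...]), gid)` runs the same check against the real directory and helper paths.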
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
Current thread:
CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool Matthias Gerstner (Feb 04)
Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool Solar Designer (Feb 04)
Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool Matthias Gerstner (Feb 04)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->