Debian Bug report logs -
#752593
mysql-server-5.5: should not test if root is writable
Reported by: Russell Coker <russell@coker.com.au>
Date: Wed, 25 Jun 2014 01:45:01 UTC
Severity: normal
Tags: patch
Found in version mysql-5.5/5.5.37-1
Fixed in version 5.5.46-0+deb8u1+rm
Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#752593; Package mysql-server-5.5.
(Wed, 25 Jun 2014 01:45:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>.
(Wed, 25 Jun 2014 01:45:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: mysql-server-5.5
Version: 5.5.37-1
Severity: normal
Tags: patch
For some reason mysqld_safe tests if the root directory is writable. I can't
work out why this is and in any case it's reundant as the other test (for USER
being root) passes in the normal Debian configuration.
type=AVC msg=audit(1403622580.061:96): avc: denied { write } for pid=1331 comm="mysqld_safe" name="/" dev="dm-0" ino=256 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1403622580.061:96): arch=c000003e syscall=269 success=yes exit=0 a0=ffffffffffffff9c a1=7f5e09bfe798 a2=2 a3=2 items=0 ppid=1109 pid=1331 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mysqld_safe" exe="/bin/dash" subj=system_u:system_r:mysqld_safe_t:s0 key=(null)
On a SE Linux system the above messages are logged every time mysqld is
started. I could put in a dontaudit rule for that but I prefer not to do that
because if mysqld_safe tries any other form of writing to the root directory
then it would be a bug that we should know about (and prevent).
The following patch makes no change to the functionality of mysqld startup on
a default Debian configuration while avoiding this problem.
It's probably worth considering whether the test even makes sense, but if it
does make sense then it's best to have it after the UID test.
--- mysqld_safe.orig 2014-06-25 11:37:02.394406559 +1000
+++ mysqld_safe 2014-06-25 11:37:24.442599244 +1000
@@ -585,7 +585,7 @@
fi
USER_OPTION=""
-if test -w / -o "$USER" = "root"
+if "$USER" = "root" -o test -w /
then
if test "$user" != "root" -o $SET_USER = 1
then
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages mysql-server-5.5 depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.53
ii initscripts 2.88dsf-53.2
ii libc6 2.19-4
ii libdbi-perl 1.631-3
ii libgcc1 1:4.9.0-7
ii libstdc++6 4.9.0-7
ii lsb-base 4.1+Debian13
ii mysql-client-5.5 5.5.37-1
ii mysql-common 5.5.37-1
ii mysql-server-core-5.5 5.5.37-1
ii passwd 1:4.2-2
ii perl 5.18.2-4
ii psmisc 22.21-2
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages mysql-server-5.5 recommends:
pn libhtml-template-perl <none>
Versions of packages mysql-server-5.5 suggests:
ii bsd-mailx [mailx] 8.1.2-0.20131005cvs-1
pn tinyca <none>
-- debconf information:
mysql-server/root_password_again: (password omitted)
mysql-server/root_password: (password omitted)
mysql-server/no_upgrade_when_using_ndb:
mysql-server/error_setting_password:
mysql-server/password_mismatch:
mysql-server-5.5/postrm_remove_databases: false
mysql-server-5.5/start_on_boot: true
mysql-server-5.5/nis_warning:
mysql-server-5.5/really_downgrade: false
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Wed, 09 Mar 2016 22:07:55 GMT) (full text, mbox, link).
Notification sent
to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer.
(Wed, 09 Mar 2016 22:07:55 GMT) (full text, mbox, link).
Message #10 received at 752593-done@bugs.debian.org (full text, mbox, reply):
Version: 5.5.46-0+deb8u1+rm
Dear submitter,
as the package mysql-5.5 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/811158
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 07 Apr 2016 07:42:57 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Apr 28 22:06:12 2024;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.