Originally posted by spirit
View Post
Announcement
Collapse
No announcement yet.
MySQL Hit By "Critical" Remote Code Execution 0-Day
Collapse
X
-
-
Originally posted by rohcQaH View PostThe article on legalhackers is very interesting. There are multiple bugs here, but the most critical one is privilege escalation to root, because the mysql_safe wrapper script does stupid things before dropping root privileges.
Which once again proves why it is a bad idea to have an init system that relies on a bunch of fragile bash scripts. On systemd, the privilege escalation is defeated by these three lines in the mysql.service file:
Code:[Service] User=mysql Group=mysql
- Likes 1
Comment
-
Yes, totally correct, the only solution against that crappy mysql startup script and the shitty mysqld_safe wrapper clearly is to immediately migrate to systemd. How can those stupid anti-systemd idiots just fail to see that? And there also was that shitty bind startup script, remember. All fools.
Comment
-
Originally posted by timtas View PostYes, totally correct, the only solution against that crappy mysql startup script and the shitty mysqld_safe wrapper clearly is to immediately migrate to systemd.
Comment
-
Originally posted by timtas View PostYes, totally correct, the only solution against that crappy mysql startup script and the shitty mysqld_safe wrapper clearly is to immediately migrate to systemd. How can those stupid anti-systemd idiots just fail to see that? And there also was that shitty bind startup script, remember. All fools.
Comment
-
Originally posted by timtas View PostYes, totally correct, the only solution against that crappy mysql startup script and the shitty mysqld_safe wrapper clearly is to immediately migrate to systemd. How can those stupid anti-systemd idiots just fail to see that? And there also was that shitty bind startup script, remember. All fools.
Comment
Comment