On 12 Jul 2013 01:25, "Jason Sipula" <alup...@gmail.com> wrote: > > Configuration Information [Automatically generated, do not change]: > Machine: x86_64 > OS: linux-gnu > Compiler: gcc > Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' > -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-redhat-linux-gnu' > -DCONF_VENDOR='redhat' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' > -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib -D_GNU_SOURCE > -DRECYCLES_PIDS -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions > -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fwrapv > uname output: Linux appsrv01.js.local 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue > Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux > Machine Type: x86_64-redhat-linux-gnu > > Bash Version: 4.1 > Patch Level: 2 > Release Status: release > > Description: > > Reproducible from both an SSH session as well as directly at the console. > > On BASH 4.1.x (4.1.2) running under CentOS 6.x (6.4 Final) and MySQL 5.1.x > (5.1.69). I believe this bug will persist on all distros running BASH 4.x.x > > After running the chained command (see below "Repeat-By" section), BASH > allows a password field to be seen in Clear Text, and then the BASH session > breaks until BASH session is restarted (logout then login). > > The purpose of the command is to dump the database "somedb" ... which would > normally dump to a text file for import later... but instead redirect > stdout to the stdin of the chained mysql command which will import all the > data from "somedb" into "someotherdb" on the same MySQL host. The command > works, but there's two problems. > > MySQL correctly challenges for password of "someuser" to perform the > mysqldump part, but once you type in the password and hit ENTER, it skips > to a new blank line without the shell prompt and just sits. It is waiting > for you to type in the password for "someuser" as the second part of the > command (but does not prompt for this and it's not intuitive, it appears > as-if the command is running)... If you type, it's in clear text! > Potentially a major security issue there. > > It gets worse... > > After you hit ENTER a second time, the command will finish, and it will > return a fresh line with the shell prompt. Everything looks normal... but > try typing. Nothing will show at all, however it is sending the keys to the > shell and will execute commands if you type them in and hit ENTER. Each > successful command will return you to a fresh shell line, but same thing > happens until you log out and back in (to restart BASH). Also, while this > is happening, you can hit the ENTER key over and over and BASH will just > keep repeating the shell prompt on the same line. > > Repeat-By: > > At the shell, issue the command: > > ~]# mysqldump -u someuser -p somedb | mysql -u someuser -p -D someotherdb > > Shouldn't need to run that command as root, but the mysql user must be > privileged enough to work with the two databases. To simplify things you > can replace "someuser" with root. > > Thank you, > > Jason Sipula > alup...@gmail.com
What does this have to do with bash? This is almost certainly an issue with your terminal it MySQL client. What about this would constitute a bash bug?
