mysqldump command line fails when password includes shell metacharacters | Report Bugs | Forum Archive

The free forums are no longer in use. It remains available as read-only archive.

Avatar
Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
The forums are currently locked and only available for read only access
sp_TopicIcon
mysqldump command line fails when password includes shell metacharacters
April 16, 2012
12:44 am
Avatar
Guest
Guests

Hi,

 

in XClone 3.1 the mysqldump command line construction is not safe when shell metacharacters are part of the password. For example a password starting with or including ">" will be truncated at that character and the output redirected to a file consisting of the remains of the password. To correct this, cloner.functions.php, line 1971 could be changed to:

 

exec($_CONFIG[sqldump] . " -h " . $_CONFIG['mysql_host'] . " -u " . $_CONFIG['mysql_user'] . " --password='" . $_CONFIG['mysql_pass'] . "' " . $dbname . " > " . $sqlfile . " $drop --allow-keywords " . $ex_dump);

 

Note that the password is now included in single quotes, which will defuse the metacharacters *EXCEPT FOR A SINGLE QUOTE*. I don't know what the right PHP function is to sanitise a string that may include a single quote, and render it as "\'" (backslash single-quote). Note that the other fields should be relatively safe from this problem; host names and user names don't normally use characters that are part of the shell metacharacter set (dollar, brackets of various types, less than and greater than symbols, ampersand, bang, pipe, semicolon, asterisk, question mark and single, double and back quotes).

Forum Timezone: America/Chicago
Most Users Ever Online: 867
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
mlguru: 30
Django29: 29
Andy: 21
D: 21
Marcus: 20
Jamie F: 19
Member Stats:
Guest Posters: 737
Members: 9462
Moderators: 2
Admins: 3
Forum Stats:
Groups: 3
Forums: 7
Topics: 2397
Posts: 8236
Newest Members:
Robert Dumitru
Moderators: TriP: 0, Steve Burge: 0
Administrators: Ovidiu Liuta: 2484, Victor Drover: 1, Valentin Barbu: 0