Skip to content
Permalink
Browse files

Bug#27919254 MYSQL USER ESCALATES ITS PRIVILEGE BY PLACING ARBITRARY …

…PIDS INTO ITS PID FILES

Shutdown server as mysql user to avoid accidentally sending signal to
wrong process.
  • Loading branch information...
trosten committed Jun 20, 2018
1 parent cad692f commit e1fdeb2468f3ee16e34e0c3af856edde128836e5
Showing with 3 additions and 3 deletions.
  1. +1 −1 packaging/rpm-oel/mysql.init
  2. +2 −2 packaging/rpm-sles/mysql.init
@@ -159,7 +159,7 @@ stop(){
fi
MYSQLPID=`cat "$mypidfile"`
if [ -n "$MYSQLPID" ]; then
/bin/kill "$MYSQLPID" >/dev/null 2>&1
/bin/su - mysql -s /bin/bash -c "/bin/kill $MYSQLPID" >/dev/null 2>&1
ret=$?
if [ $ret -eq 0 ]; then
TIMEOUT="$STOPTIMEOUT"
@@ -163,7 +163,7 @@ stop () {

# We use a signal to avoid having to know the root password
# Send single kill command and then wait
if kill $pid >/dev/null 2>&1; then
if su - mysql -s /bin/bash -c "kill $pid" >/dev/null 2>&1; then
timer=$STOPTIMEOUT
while [ $timer -gt 0 ]; do
kill -0 $pid >/dev/null 2>&1 || break
@@ -196,7 +196,7 @@ reload () {
ret=0
if chk_running && mysqladmin --no-defaults --socket="$socket" ping >/dev/null 2>&1 ; then
pid=$(cat "$pidfile")
kill -HUP $pid >/dev/null 2>&1
su - mysql -s /bin/bash -c "kill -HUP $pid" >/dev/null 2>&1
echo -n "Reloading service MySQL:"
rc_reset
else

0 comments on commit e1fdeb2

Please sign in to comment.
You can’t perform that action at this time.