[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] mysql updates?
> Stefan Onken wrote:
> > Am Mittwoch, 7. Juli 2004 08:07 schrieb Frank Steiner:
> >>are mysql updates planned w.r.t.
> >>http://www.securityfocus.com/archive/1/367991 ?
> >>Just to avoid I recompile new versions myself when SuSE is
> >>already working on it :-)
> > SuSE never shipped the 4.1.x or 5.x Version, both are unstable (Beta
> > and Alpha stage). The stable versions 3.x and 4.0.x are NOT
> > affected.
> Oh, my fault, indeed that's 4.0.13 and 4.0.18 here....
> Sorry :-)
Hm, I normally run MySQL localhost, so only local attackers could have their
Apache can handle this.
A problem is, if you segment servers: some to use apache and some to use
mysql, then you can use simple firewall rules to prevent access.
Another problem may be unsafe php programming.
I changed this in /etc/init.d/mysql to run on localhost only:
# changed start
# changed end
--datadir=$datadir &>/dev/null &
Normally I don't give users shellaccounts.
If desirect you can do some bofh-work in /etc/security/limits.conf :
@users hard core 0
@users hard data 8196
@users hard fsize 8196
@users hard memlock 2048
@users hard nofile 64
@users hard rss 8196
@users hard stack 2048
@users hard cpu 10
@users hard nproc 8
@users hard as 16384
@users hard maxlogins 2
@users hard priority 17
This only gives limited rights to users e.g. to change their filerights with
scripts but don't run any unneccessary software like X (even makes problems
This settings only affect shell-logins.
If you wanna allow admin to su add this line for user "admin":
This is no real good protection, but gives a littlebit more security.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here