Stefan Onken wrote:
On Wednesday, 7 July 2004 08:07, Frank Steiner wrote:
Are MySQL updates planned w.r.t. http://www.securityfocus.com/archive/1/367991 ?
Just to avoid recompiling new versions myself when SuSE is already working on it :-)
SuSE never shipped the 4.1.x or 5.x versions; both are unstable (beta and alpha stage). The stable versions 3.x and 4.0.x are NOT affected.
Oh, my fault, indeed that's 4.0.13 and 4.0.18 here....
Sorry :-)
Hm, I normally run MySQL on localhost, so only local attackers could have their fun. Apache can handle this. A problem is if you segment servers, some to run Apache and some to run MySQL; then you can use simple firewall rules to prevent access. Another problem may be unsafe PHP programming.

I changed this in /etc/init.d/mysql to run on localhost only:

    # changed start: --bind-address=127.0.0.1 added below
    $SAFE_MYSQLD \
        --user=$mysql_daemon_user \
        --pid-file=$pid_file \
        --socket=$socket \
        --bind-address=127.0.0.1 \
        --datadir=$datadir &>/dev/null &
    # changed end

Normally I don't give users shell accounts. If desired you can do some BOFH work in /etc/security/limits.conf:

    @users hard core 0
    @users hard data 8196
    @users hard fsize 8196
    @users hard memlock 2048
    @users hard nofile 64
    @users hard rss 8196
    @users hard stack 2048
    @users hard cpu 10
    @users hard nproc 8
    @users hard as 16384
    @users hard maxlogins 2
    @users hard priority 17

This only gives limited rights to users, e.g. to change their file rights with scripts, but not to run any unnecessary software like X (it even causes problems for su). These settings only affect shell logins. If you want to allow admin to su, add this line for user "admin":

    admin -

This is no really good protection, but it gives a little bit more security.

Philippe
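The two changes described above (binding mysqld to 127.0.0.1 and the @users hard limits) can be checked with a small audit script. This is an added example, not from the mail or from SuSE; it reads `netstat -tln`-style output and limits.conf text on stdin, and the sample data it runs on is constructed.

```shell
#!/bin/sh
# Added example (not from the original mail): audit the two hardening steps.
# Both functions read their input from stdin so they run offline on
# constructed sample text; on a real host pipe `netstat -tln` and
# /etc/security/limits.conf into them.

# mysql_loopback_only PORT
# Returns 0 when every TCP listener on PORT is bound to a loopback address,
# 1 when any listener on PORT is bound to 0.0.0.0, :: or a NIC address.
mysql_loopback_only() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            addr = $4; sub(/:[0-9]+$/, "", addr)   # local address without ":port"
            p = $4;    sub(/.*:/, "", p)           # the port alone
            if (p == port && addr != "127.0.0.1" && addr != "::1") bad = 1
        }
        END { exit (bad ? 1 : 0) }'
}

# limits_conf_check
# Accepts "<domain> <hard|soft|-> <item> <value>" lines and the two-field
# "<domain> -" form, which pam_limits reads as "no limits for this domain"
# (the form used for the admin user above). Prints each malformed line and
# returns 1 if any were found, so typos never silently drop a limit.
limits_conf_check() {
    awk '
        BEGIN {
            n = split("core data fsize memlock nofile rss stack cpu nproc as maxlogins maxsyslogins priority locks sigpending msgqueue nice rtprio", k, " ")
            for (i = 1; i <= n; i++) known[k[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        NF == 2 && $2 == "-" { next }                # "<domain> -": no limits
        NF == 4 && ($2 == "hard" || $2 == "soft" || $2 == "-") &&
            ($3 in known) && ($4 ~ /^(unlimited|infinity|-?[0-9]+)$/) { next }
        { print "malformed limits.conf line: " $0; bad = 1 }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample: mysqld still listening on all interfaces (the default
# before --bind-address=127.0.0.1 is added to the init script).
printf 'tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN\n' | mysql_loopback_only 3306 \
    && echo "mysqld: loopback only" || echo "mysqld: reachable from the network"
```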