On 12 Sep 2016, Herminio Hernandez Jr. said:
moin moin,
> Basically they mirror the repos. So when it hits debian I will upgrade.
Ah, OK.
You might also want to create a couple of empty files and lock them down.
$datadir can be exploited, so pre-emptively putting empty conf files in
there that can't be changed by mysql is a good idea.
The following is for anyone with questions on locking down the config
files in $datadir.
Presuming $datadir is /var/lib/mysql, either of the following will lock
down the files when run as root, but the first will destroy files you
might already have.
# >/var/lib/mysql/my.cnf
# >/var/lib/mysql/.my.cnf
# chmod 000 /var/lib/mysql/{.,}my.cnf
Or, with some minimal verification that it's safe...
# for file in /var/lib/mysql/{.,}my.cnf; do
    if [ ! -e "$file" ] ; then
      >"$file"
      chmod 000 "$file"
      ls -l "$file"
    else
      ls -l "$file"
      echo "You might want to check on that"
    fi
  done
ciao,
der.hans
> Sent from my iPhone
>
>> On Sep 12, 2016, at 12:00 PM, der.hans <PLUGd@LuftHans.com> wrote:
>>
>> On 12 Sep 2016, Herminio Hernandez Jr. said:
>>
>> moin moin,
>>
>>> Thanks have some SQL in DO droplets. Will be looking for this.
>>
>> Will DigitalOcean automagically apply the patches for you?
>>
>> I would expect it's in their best interest.
>>
>> I'm certain DreamHost is already upgraded. GoDaddy is probably rolling it
>> out already, but I no longer know anyone on the team over there, so am not
>> sure how quick they will be.
>>
>> This is admittedly one of the advantages of cloud. The infrastructure
>> providers can centrally test and roll out for everyone. The disadvantage
>> is if it's something that affects you, but they don't know or care about
>> it :).
>>
>> ciao,
>>
>> der.hans
>>
>>> Sent from my iPhone
>>>
>>>> On Sep 12, 2016, at 11:18 AM, der.hans <PLUGd@LuftHans.com> wrote:
>>>>
>>>> moin moin,
>>>>
>>>> a MySQL remote exploit was announced this morning. Percona and MariaDB
>>>> already have fixes that have not yet hit the distros.
>>>>
>>>> https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662
>>>>
>>>> http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
>>>>
>>>> Watch for updates.
>>>>
>>>> ciao,
>>>>
>>>> der.hans
>>>> --
>>>> # http://www.LuftHans.com/ http://www.PhxLinux.org/
>>>> # Fairy Tale, n.: A horror story to prepare children for the newspapers.
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>> --
>> # http://www.LuftHans.com/ http://www.PhxLinux.org/
>> # "You go to Afghanistan and you swallow enough dust that you'll pass an
>> # adobe brick." -- Robin Williams, 03Aug2006
--
# http://www.LuftHans.com/ http://www.PhxLinux.org/
# "Rock 'n' roll might not solve your problems, but it does let you dance
# all over them." -- Pete Townsend
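
A check for the lock-down described in the message above, as an added example that is not part of the original post: it reports whether my.cnf and .my.cnf in a given directory are empty, mode 000 and owned by the expected uid (root by default). It assumes GNU stat; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit the placeholder files the message describes.
# Assumes GNU stat (Linux). Function names are hypothetical.

# check_placeholder FILE [UID]: print a status word; return 0 only if FILE is
# an empty regular file with mode 000 owned by UID (default 0, i.e. root).
check_placeholder() {
    cp_file=$1
    cp_want=${2:-0}
    # Test for a symlink first: -e and -f would follow it to the target.
    if [ -L "$cp_file" ]; then echo "symlink"; return 1; fi
    if [ ! -e "$cp_file" ]; then echo "missing"; return 1; fi
    if [ ! -f "$cp_file" ]; then echo "not-regular"; return 1; fi
    cp_meta=$(stat -c '%u %a %s' -- "$cp_file") || { echo "stat-failed"; return 1; }
    cp_uid=${cp_meta%% *}
    cp_rest=${cp_meta#* }
    cp_mode=${cp_rest%% *}
    cp_size=${cp_rest#* }
    if [ "$cp_uid" != "$cp_want" ]; then echo "wrong-owner"; return 1; fi
    # GNU stat prints mode 000 as "0".
    if [ "$cp_mode" != "0" ]; then echo "mode-$cp_mode"; return 1; fi
    if [ "$cp_size" != "0" ]; then echo "not-empty"; return 1; fi
    echo "locked"
}

# audit_datadir DIR [UID]: check my.cnf and .my.cnf in DIR, print one line per
# file, and return the number of files that are not locked placeholders.
audit_datadir() {
    ad_bad=0
    for ad_name in my.cnf .my.cnf; do
        ad_status=$(check_placeholder "$1/$ad_name" "${2:-0}") || ad_bad=$((ad_bad + 1))
        printf '%-12s %s\n' "$ad_status" "$1/$ad_name"
    done
    return "$ad_bad"
}

# Usage: sh audit.sh /var/lib/mysql
if [ "$#" -gt 0 ]; then audit_datadir "$@"; fi
```

The exit status is the number of files that failed the check, so the script can be run from cron or a configuration-management check.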