Public bug reported:

MySQL Server 8.0 (on Eoan) binds to / listens on *:33060/tcp (MySQL X
protocol) by default. For the classic shell it binds to
localhost:3306/tcp only, as users will have gotten used to expect.

This seems like a potentially dangerous change of defaults - users may
not expect the service to start listening on an additional port (33060),
and may not expect the MySQL X protocol server to bind to *.

By default, no authentication should be possible from the network on the
MySQL X protocol (I tested using the debian-sys-maint user and its
password, as well as the root user, without a password). Some users may,
however, assume that network access is not possible and choose to set
simple mysql user passwords (for access from any host). Doing so would
certainly involve negligent operation on the users' part, but this does
not make it unlikely to happen. Ubuntu should (continue to) come with
secure defaults, where services which are more likely to be used locally
only (at least initially) should not listen on the network (anywhere but
on localhost anyways) by default.

ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: mysql-server 8.0.18-0ubuntu0.19.10.1
ProcVersionSignature: Ubuntu 5.3.0-24.26-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu8.2
Architecture: amd64
Date: Thu Dec 26 06:13:34 2019
InstallationDate: Installed on 2019-10-17 (69 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191016.5)
Logs.var.log.daemon.log:
MySQLConf.etc.mysql.conf.d.mysql.cnf: [mysql]
MySQLConf.etc.mysql.conf.d.mysqldump.cnf:
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
MySQLVarLibDirListing: ['binlog.000001', 'private_key.pem', 'ibdata1',
'#innodb_temp', 'mysql.ibd', 'ibtmp1', 'client-key.pem', 'undo_002',
'binlog.000002', 'ca.pem', 'ib_logfile1', 'mysql', 'debian-5.7.flag',
'client-cert.pem', 'binlog.index', 'server-cert.pem', 'x.pid', 'undo_001',
'ib_buffer_pool', 'performance_schema', 'auto.cnf', 'public_key.pem',
'ca-key.pem', 'ib_logfile0', 'sys', 'binlog.000003', 'server-key.pem']
PackageArchitecture: all
SourcePackage: mysql-8.0
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: mysql-8.0 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug eoan
https://bugs.launchpad.net/bugs/1857584
Title:
MySQL X protocol port 33060 listening on network by default
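
A check for the exposure described in this report, as an added example that is not part of the original bug report or of the mysql-8.0 package: it parses `ss -H -ltn` output and reports MySQL listeners (3306 classic protocol, 33060 X protocol) bound to anything other than loopback. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Ports named in the report: classic protocol and X protocol.
MYSQL_PORTS = {3306: "classic protocol", 33060: "X protocol"}

# Constructed sample of `ss -H -ltn` output matching the reported defaults.
SAMPLE_SS = """\
LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 70 *:33060 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""


def is_loopback(addr):
    """Return True if a local address printed by ss is loopback-only."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    if addr == "*":
        return False  # wildcard: every interface
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    return (mapped or ip).is_loopback


def exposed_mysql_listeners(ss_output, ports=MYSQL_PORTS):
    """List (address, port, protocol) for MySQL ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        try:
            loopback = is_loopback(addr)
        except ValueError:
            loopback = False  # unparseable address: report it, do not hide it
        if not loopback:
            findings.append((addr, int(port), ports[int(port)]))
    return findings


if __name__ == "__main__":
    for addr, port, proto in exposed_mysql_listeners(SAMPLE_SS):
        print(f"MySQL {proto} listening on {addr}:{port} (not loopback-only)")
```

On a live host, feed it the output of `ss -H -ltn`. In MySQL 8.0 the X Plugin's bind address is controlled by the `mysqlx_bind_address` server setting.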