[debian-mysql] Bug#510875: mysql-server-5.0: does not ask for a password for `root' by default
Nico Golde
nion at debian.org
Mon Jan 5 16:23:34 UTC 2009
severity 510875 important
tags 510875 - security
Hi,
* Ansgar Burchardt <ansgar at 2008.43-1.org> [2009-01-05 16:42]:
> The question asking for the administrative password has a priority of
> `medium'. Debconf's default is to ask only questions of at least
> priority `high' since 1.4.61 (and d-i apparently sets this value by
> default even longer).
>
> This results in an empty root password by default. Every user who
> can connect from `localhost' has then full administrative privileges.
> The only thing he has to do is run `mysql -u root'.
Downgrading this bug, it is by no means a grave bug.
I also remove the security tag as this is what README.Debian
says:

  * WHAT TO DO AFTER INSTALLATION:
  ================================

  The MySQL manual describes certain steps to do at this stage in a separate
  chapter. They are not necessary as the Debian packages does them
  automatically.

  The only thing that is left over for the admin is
   - setting the *passwords* !!!
     ^^^^^^^^^^^^^^^^^^^^^^^
   - creating new users and databases
   - read the rest of this text

I'd personally mark this as wishlist but that's up to the maintainer.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.