[debian-mysql] Bug#915130: Further information
Yannik Sembritzki
yannik at sembritzki.me
Fri Nov 30 19:23:21 GMT 2018
I'd like to add the following instructions on how to reproduce the problem:
$ apt purge maria* # if mariadb was installed previously. also select
"remove all mariadb databases" during purging
$ debconf-set-selections <<< "mariadb-server-10.1
mysql-server/root_password password hello"
$ debconf-set-selections <<< "mariadb-server-10.1
mysql-server/root_password_again password hello"
$ debconf-get-selections |grep maria
mariadb-server-10.1 mysql-server/root_password password hello
mariadb-server-10.1 mysql-server/root_password_again password hello
$ apt install -y mariadb-server-10.1
$mysql mysql <<< "select Host,User,Password,plugin from user;"
Host User Password plugin
localhost root unix_socket
Also, the password remains in the debconf database, which is a security
issue:
$ debconf-get-selections |grep maria
mariadb-server-10.1 mysql-server/root_password password hello
mariadb-server-10.1 mysql-server/root_password_again password hello
mariadb-server-10.1 mariadb-server-10.1/postrm_remove_databases
boolean false
mariadb-server-10.1 mariadb-server-10.1/old_data_directory_saved
note
mariadb-server-10.1 mariadb-server-10.1/nis_warning note
The same is valid when using mariadb-server-10.1/root_password as key:
$ debconf-get-selections |grep maria
mariadb-server-10.1 mariadb-server-10.1/root_password password
hello
mariadb-server-10.1 mariadb-server-10.1/root_password_again
password hello
mariadb-server-10.1 mariadb-server-10.1/nis_warning note
mariadb-server-10.1 mariadb-server-10.1/postrm_remove_databases
boolean false
mariadb-server-10.1 mariadb-server-10.1/old_data_directory_saved
note
More information about the pkg-mysql-maint
mailing list