[debian-mysql] Bug#915130: Further information

Yannik Sembritzki yannik at sembritzki.me
Fri Nov 30 19:23:21 GMT 2018


I'd like to add the following instructions on how to reproduce the problem:

$ apt purge maria* # if mariadb was installed previously. also select
"remove all mariadb databases" during purging
$ debconf-set-selections <<< "mariadb-server-10.1
mysql-server/root_password password hello"
$ debconf-set-selections <<< "mariadb-server-10.1
mysql-server/root_password_again password hello"
$ debconf-get-selections |grep maria
mariadb-server-10.1    mysql-server/root_password    password    hello
mariadb-server-10.1    mysql-server/root_password_again    password    hello
$ apt install -y mariadb-server-10.1
$mysql mysql <<< "select Host,User,Password,plugin from user;"
Host    User    Password    plugin
localhost    root        unix_socket


Also, the password remains in the debconf database, which is a security
issue:
$ debconf-get-selections |grep maria
mariadb-server-10.1    mysql-server/root_password    password    hello
mariadb-server-10.1    mysql-server/root_password_again    password    hello
mariadb-server-10.1    mariadb-server-10.1/postrm_remove_databases   
boolean    false
mariadb-server-10.1    mariadb-server-10.1/old_data_directory_saved   
note   
mariadb-server-10.1    mariadb-server-10.1/nis_warning    note  

The same is valid when using mariadb-server-10.1/root_password as key:
$ debconf-get-selections |grep maria
mariadb-server-10.1    mariadb-server-10.1/root_password    password   
hello
mariadb-server-10.1    mariadb-server-10.1/root_password_again   
password    hello
mariadb-server-10.1    mariadb-server-10.1/nis_warning    note   
mariadb-server-10.1    mariadb-server-10.1/postrm_remove_databases   
boolean    false
mariadb-server-10.1    mariadb-server-10.1/old_data_directory_saved   
note   



More information about the pkg-mysql-maint mailing list