[MDEV-14796] debian warns of insecure root password when a plugin is used - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.58
Fix Version/s: 5.5.59, 10.0.34, 10.3.4, 10.1.31, 10.2.13
Component/s: Packaging, Platform Debian
Labels:
- debian
- foundation
- packaging
- patch
Environment:
Debian

Sprint:
5.5.59

Description

SELECT count(*) FROM mysql.user WHERE user='root' and password=''

can report insecure root passwords even if a plugin is used.

If a bit unfair to report an unused password field as insecure if a plugin is set.

https://github.com/grooverdan/mariadb-server/tree/5.5-debian-insecure-root-plugin-empty is a patch that corrects this by testing adding and plugin='' in the sql. I submit this under the MCA.

FYI Otto Kekäläinen, Ondřej Surý

Attachments

Issue Links

relates to

MDEV-8375 Debian: Passwordless mysqld root login via socket auth bugfixing

Closed

Activity

People

Assignee:: Sergey Vojtovich

Reporter:: Daniel Black

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2017-12-29 00:45

Updated:: 2018-01-15 12:26

Resolved:: 2018-01-15 12:26