Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4424

mysql_secure_installation treats backslashes in passwords as escape characters

Details

    • Bug
    • Status: Open (View Workflow)
    • Minor
    • Resolution: Unresolved
    • 10.0.1, 5.5.30, 5.1.67, 5.2.14, 5.3.12
    • 5.5(EOL)
    • None
    • Linux drag0nius.pl 3.8.7-1-ARCH #1 SMP PREEMPT Sat Apr 13 09:01:47 CEST 2013 x86_64 GNU/Linux

    Description

      Passwords in "mysql_secure_installation" script are read without "-r" modifier meaning that backlashes passed into it by user are treated as escape character instead of real backslash (what in my opinion is desired)

      Example:
      1. Pass 1\23 as new root password in mysql_secure_installation script
      2. mysql -u root -p does not accept 1\23 password, but it accepts "123" instead,
      3. mysql_secure_installation accepts both 1\23 and 123

      Fix 1 (recommended):

      /usr/bin/mysql_secure_installation:

      line current replacement
      245 read password read -r password
      265 read password1 read -r password1
      268 read password2 read -r password2

      Fix 2:

      Another way would be informing user that backslash is treated as escape symbol and that you need to pass double backslash.

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          View 5 older comments
          drag0nius Krzysztof Nazarewski added a comment - - edited

          Patching process:
          1. Open the file with VIM
          2. Write ":%s/read pass/read -r pass/g", press Enter

          Patched "1\23"

          root localhost *4D617476C30310C15DB73E333FA5CC4E555B3BDA

          Unpached "1
          23":

          root localhost *4D617476C30310C15DB73E333FA5CC4E555B3BDA

          Unpached "1\23"

          root localhost *23AE809DDACAF96AF0FD78ED04B6A265E05AA257

          Patched "123"

          root localhost *23AE809DDACAF96AF0FD78ED04B6A265E05AA257

          Unpatched "123"

          root localhost *23AE809DDACAF96AF0FD78ED04B6A265E05AA257

          Patched "1\2\3\"

          root localhost *9FB0E6F84609F74C3EAB1A26C41953DE1D133889

          Unpached "1\\2\\3
          "

          root localhost *9FB0E6F84609F74C3EAB1A26C41953DE1D133889

          Unpached "1\2\3\"

          root localhost *23AE809DDACAF96AF0FD78ED04B6A265E05AA257

          You can clearly see that all variants of single-backslash passwords passed to installation script become "123" after the script is done.
          On my computer it works the way it should and i get results i expect both in patched and unpatched version.

          To be honest i have no idea where did you get that from, i suggest checking it again:

          root *6CE27BDC6F768BB235AA78F24453062FAEEC9A6F

          Try typing "1\2\3" in the first prompt, then "123" in retyping, the script will pass through setting "123" password.

          drag0nius Krzysztof Nazarewski added a comment - - edited Patching process: 1. Open the file with VIM 2. Write ":%s/read pass/read -r pass/g", press Enter Patched "1\23" root localhost *4D617476C30310C15DB73E333FA5CC4E555B3BDA Unpached "1 23": root localhost *4D617476C30310C15DB73E333FA5CC4E555B3BDA Unpached "1\23" root localhost *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 Patched "123" root localhost *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 Unpatched "123" root localhost *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 Patched "1\2\3\" root localhost *9FB0E6F84609F74C3EAB1A26C41953DE1D133889 Unpached "1\\2\\3 " root localhost *9FB0E6F84609F74C3EAB1A26C41953DE1D133889 Unpached "1\2\3\" root localhost *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 You can clearly see that all variants of single-backslash passwords passed to installation script become "123" after the script is done. On my computer it works the way it should and i get results i expect both in patched and unpatched version. To be honest i have no idea where did you get that from, i suggest checking it again: root *6CE27BDC6F768BB235AA78F24453062FAEEC9A6F Try typing "1\2\3" in the first prompt, then "123" in retyping, the script will pass through setting "123" password.
          elenst Elena Stepanova added a comment - - edited

          I figured it out, it seems to be caused by an old bug in dash https://bugs.launchpad.net/ubuntu/+source/dash/+bug/259671 (which is ubuntu's sh, which is used by mysql_secure_installation). At some point mysql_secure_installation uses echo to escape the password line, and that's where the bug shows up.

          elenst@ubuntu12-04:/data$ ls -l /bin/sh
          lrwxrwxrwx 1 root root 4 Jan 24 16:29 /bin/sh -> dash

          elenst@ubuntu12-04:/data$ /bin/sh
          $ read -r p
          1\23
          $ echo $p
          1�Ё
          $ exit
          elenst@ubuntu12-04:/data$ echo $SHELL
          /bin/bash
          elenst@ubuntu12-04:/data$ read -r p
          1\23
          elenst@ubuntu12-04:/data$ echo $p
          1\23

          Hence it's indeed a glitch of my system, yours works reasonably.

          So, as said before, I recommend to file a bug report at bugs.mysql.com, as soon as they make a change it will be incorporated to the corresponding version of MariaDB.

          Upd: I see you've already done it, MySQL:69044.

          elenst Elena Stepanova added a comment - - edited I figured it out, it seems to be caused by an old bug in dash https://bugs.launchpad.net/ubuntu/+source/dash/+bug/259671 (which is ubuntu's sh, which is used by mysql_secure_installation). At some point mysql_secure_installation uses echo to escape the password line, and that's where the bug shows up. elenst@ubuntu12-04:/data$ ls -l /bin/sh lrwxrwxrwx 1 root root 4 Jan 24 16:29 /bin/sh -> dash elenst@ubuntu12-04:/data$ /bin/sh $ read -r p 1\23 $ echo $p 1�Ё $ exit elenst@ubuntu12-04:/data$ echo $SHELL /bin/bash elenst@ubuntu12-04:/data$ read -r p 1\23 elenst@ubuntu12-04:/data$ echo $p 1\23 Hence it's indeed a glitch of my system, yours works reasonably. So, as said before, I recommend to file a bug report at bugs.mysql.com, as soon as they make a change it will be incorporated to the corresponding version of MariaDB. Upd: I see you've already done it, MySQL:69044.
          drag0nius Krzysztof Nazarewski added a comment -

          Reported already

          drag0nius Krzysztof Nazarewski added a comment - Reported already
          danblack Daniel Black added a comment -

          Seems dash bug was ruled invalid. MySQL have a fix - migrating to a C++ version client/mysql_secure_installation.cc

          alternately could #!/bin/bash at top.

          danblack Daniel Black added a comment - Seems dash bug was ruled invalid. MySQL have a fix - migrating to a C++ version client/mysql_secure_installation.cc alternately could #!/bin/bash at top.
          danblack Daniel Black added a comment -

          There are other aspects of escaping that are also problematic in the script. Docker library fixes these with bash specific constructs - https://github.com/MariaDB/mariadb-docker/commit/58f4020613e4b96ab0a937890af1a7a4e0dc4b00.

          danblack Daniel Black added a comment - There are other aspects of escaping that are also problematic in the script. Docker library fixes these with bash specific constructs - https://github.com/MariaDB/mariadb-docker/commit/58f4020613e4b96ab0a937890af1a7a4e0dc4b00 .

          People

            Unassigned Unassigned
            drag0nius Krzysztof Nazarewski
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.