Details
-
Bug
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
10.0.1, 5.5.30, 5.1.67, 5.2.14, 5.3.12
-
None
-
Linux drag0nius.pl 3.8.7-1-ARCH #1 SMP PREEMPT Sat Apr 13 09:01:47 CEST 2013 x86_64 GNU/Linux
Description
Passwords in "mysql_secure_installation" script are read without "-r" modifier meaning that backlashes passed into it by user are treated as escape character instead of real backslash (what in my opinion is desired)
Example:
1. Pass 1\23 as new root password in mysql_secure_installation script
2. mysql -u root -p does not accept 1\23 password, but it accepts "123" instead,
3. mysql_secure_installation accepts both 1\23 and 123
Fix 1 (recommended):
/usr/bin/mysql_secure_installation:
line | current | replacement |
---|---|---|
245 | read password | read -r password |
265 | read password1 | read -r password1 |
268 | read password2 | read -r password2 |
Fix 2:
Another way would be informing user that backslash is treated as escape symbol and that you need to pass double backslash.