Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4424

mysql_secure_installation treats backslashes in passwords as escape characters

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Minor
    • Resolution: Unresolved
    • 10.0.1, 5.5.30, 5.1.67, 5.2.14, 5.3.12
    • 5.5(EOL)
    • None
    • Linux drag0nius.pl 3.8.7-1-ARCH #1 SMP PREEMPT Sat Apr 13 09:01:47 CEST 2013 x86_64 GNU/Linux

    Description

      Passwords in "mysql_secure_installation" script are read without "-r" modifier meaning that backlashes passed into it by user are treated as escape character instead of real backslash (what in my opinion is desired)

      Example:
      1. Pass 1\23 as new root password in mysql_secure_installation script
      2. mysql -u root -p does not accept 1\23 password, but it accepts "123" instead,
      3. mysql_secure_installation accepts both 1\23 and 123

      Fix 1 (recommended):

      /usr/bin/mysql_secure_installation:

      line current replacement
      245 read password read -r password
      265 read password1 read -r password1
      268 read password2 read -r password2

      Fix 2:

      Another way would be informing user that backslash is treated as escape symbol and that you need to pass double backslash.

      Attachments

        Activity

          People

            Unassigned Unassigned
            drag0nius Krzysztof Nazarewski
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.