Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-4424

mysql_secure_installation treats backslashes in passwords as escape characters

Details

    • Bug
    • Status: Open (View Workflow)
    • Minor
    • Resolution: Unresolved
    • 10.0.1, 5.5.30, 5.1.67, 5.2.14, 5.3.12
    • 5.5(EOL)
    • None
    • Linux drag0nius.pl 3.8.7-1-ARCH #1 SMP PREEMPT Sat Apr 13 09:01:47 CEST 2013 x86_64 GNU/Linux

    Description

      Passwords in "mysql_secure_installation" script are read without "-r" modifier meaning that backlashes passed into it by user are treated as escape character instead of real backslash (what in my opinion is desired)

      Example:
      1. Pass 1\23 as new root password in mysql_secure_installation script
      2. mysql -u root -p does not accept 1\23 password, but it accepts "123" instead,
      3. mysql_secure_installation accepts both 1\23 and 123

      Fix 1 (recommended):

      /usr/bin/mysql_secure_installation:

      line current replacement
      245 read password read -r password
      265 read password1 read -r password1
      268 read password2 read -r password2

      Fix 2:

      Another way would be informing user that backslash is treated as escape symbol and that you need to pass double backslash.

      Attachments

        Activity

          No workflow transitions have been executed yet.

          People

            Unassigned Unassigned
            drag0nius Krzysztof Nazarewski
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.