[#MDEV-14796] debian warns of insecure root password when a plugin is used

[MDEV-14796] debian warns of insecure root password when a plugin is used Created: 2017-12-29 Updated: 2018-01-15 Resolved: 2018-01-15
Status:	Closed
Project:	MariaDB Server
Component/s:	Packaging, Platform Debian
Affects Version/s:	5.5.58
Fix Version/s:	5.5.59, 10.0.34, 10.3.4, 10.1.31, 10.2.13

Type:

Bug

Priority:

Major

Reporter:

Daniel Black

Assignee:

Sergey Vojtovich

Resolution:

Fixed

Votes:

Labels:

debian, foundation, packaging, patch

Environment:

Debian

Issue Links:

Relates
relates to	~~MDEV-8375~~	Debian: Passwordless mysqld root logi...	Closed

Sprint:

5.5.59

Description

SELECT count(*) FROM mysql.user WHERE user='root' and password=''

can report insecure root passwords even if a plugin is used.

If a bit unfair to report an unused password field as insecure if a plugin is set.

https://github.com/grooverdan/mariadb-server/tree/5.5-debian-insecure-root-plugin-empty is a patch that corrects this by testing adding and plugin='' in the sql. I submit this under the MCA.

Generated at Thu Feb 08 08:16:20 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.