Percona Server moved to https://jira.percona.com/projects/PS

Database administrator password can be seen in plain text if you execute debconf-get-selections

Bug #1018291 reported by Carlos Calvo Rivas
30
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Percona Server moved to https://jira.percona.com/projects/PS
Fix Released
High
Stewart Smith
Percona Server moved to https://jira.percona.com/projects/PS 5.6.16-64.0
5.1
Fix Released
High
Tomislav Plavcic
Percona Server moved to https://jira.percona.com/projects/PS 5.1.73-14.12
5.5
Fix Released
High
Stewart Smith
Percona Server moved to https://jira.percona.com/projects/PS 5.5.36-34.0
5.6
Fix Released
High
Stewart Smith
Percona Server moved to https://jira.percona.com/projects/PS 5.6.16-64.0

Bug Description

Once you have installed your percona server, you can see in plain text the password you entered in the installation process as the administrator's account password if you run this command:

debconf-get-selections | grep "percona"

Tags: pkg

Related branches

lp:~tplavcic/percona-server/bug-1018291-5.1
Alexey Kopytov (community): Approve
Diff: 11 lines (+1/-0)
1 file modified
build/debian/percona-server-server-5.1.postinst (+1/-0)
lp:~stewart/percona-server/pkg-5.5
Laurynas Biveinis (community): Needs Fixing
Alexey Bychko (community): Approve
Diff: 9399 lines (+7340/-672) (has conflicts)
97 files modified
.bzrignore (+6/-6)
CMakeLists.txt (+1/-1)
Makefile-ps (+4/-24)
README (+11/-0)
UDF/Makefile.am (+2/-0)
UDF/configure.ac (+2/-3)
VERSION (+5/-0)
build-ps/build-binary.sh (+10/-11)
build-ps/build-rpm.sh (+2/-2)
build-ps/debian/control (+36/-31)
build-ps/debian/copyright (+787/-86)
build-ps/debian/libperconaserverclient18.files (+1/-1)
build-ps/debian/libperconaserverclient18.lintian-overrides (+6/-0)
build-ps/debian/libperconaserverclient18.postinst (+2/-0)
build-ps/debian/percona-server-client-5.5.files (+0/-1)
build-ps/debian/percona-server-client-5.5.lintian-overrides (+18/-0)
build-ps/debian/percona-server-server-5.5.docs (+2/-3)
build-ps/debian/percona-server-server-5.5.files (+3/-4)
build-ps/debian/percona-server-server-5.5.lintian-overrides (+14/-4)
build-ps/debian/percona-server-server-5.5.postinst (+20/-15)
build-ps/debian/percona-server-server-5.5.postrm (+1/-1)
build-ps/debian/percona-server-server-5.5.preinst (+12/-17)
build-ps/debian/percona-server-source-5.5.files (+1/-0)
build-ps/debian/percona-server-test-5.5.files (+1/-1)
build-ps/debian/po/POTFILES.in (+1/-0)
build-ps/debian/po/ar.po (+252/-0)
build-ps/debian/po/ca.po (+227/-0)
build-ps/debian/po/cs.po (+346/-0)
build-ps/debian/po/da.po (+382/-0)
build-ps/debian/po/de.po (+239/-0)
build-ps/debian/po/es.po (+390/-0)
build-ps/debian/po/eu.po (+236/-0)
build-ps/debian/po/fr.po (+251/-0)
build-ps/debian/po/gl.po (+249/-0)
build-ps/debian/po/it.po (+223/-0)
build-ps/debian/po/ja.po (+229/-0)
build-ps/debian/po/nb.po (+297/-0)
build-ps/debian/po/nl.po (+290/-0)
build-ps/debian/po/pt.po (+307/-0)
build-ps/debian/po/pt_BR.po (+443/-0)
build-ps/debian/po/ro.po (+319/-0)
build-ps/debian/po/ru.po (+229/-0)
build-ps/debian/po/sk.po (+219/-0)
build-ps/debian/po/sv.po (+229/-0)
build-ps/debian/po/templates.pot (+187/-0)
build-ps/debian/po/tr.po (+342/-0)
build-ps/debian/rules (+297/-86)
build-ps/debian/source/format (+1/-0)
build-ps/percona-server.spec (+23/-47)
build-ps/percona-shared-compat.spec (+2/-2)
build-ps/rpm/mysql-dubious-exports.patch (+2/-2)
build/build-dpkg.sh (+0/-138)
build/debian/libmysqlclient18-dev.README.Maintainer (+0/-4)
build/debian/libmysqlclient18-dev.examples (+0/-1)
build/debian/libmysqlclient18-dev.install (+0/-7)
build/debian/libmysqlclient18-dev.links (+0/-2)
build/debian/libmysqlclient18.links (+0/-1)
build/debian/percona-server-client-5.5.menu (+0/-3)
build/debian/source/format (+0/-1)
client/CMakeLists.txt (+11/-11)
cmake/info_macros.cmake.in (+1/-1)
cmake/make_dist.cmake.in (+20/-0)
cmake/mysql_version.cmake (+4/-4)
doc/source/installation.rst (+77/-30)
doc/source/management/pam_plugin.rst (+1/-1)
doc/source/upgrading_guide_51_55.rst (+1/-1)
handlersocket.patch (+0/-30)
libmysql/CMakeLists.txt (+14/-10)
libmysql/libmysql.map (+3/-3)
libmysql/libmysql.ver.in (+1/-1)
man/mysql_config.1 (+3/-3)
mysql-test/CMakeLists.txt (+1/-1)
mysql-test/r/mysql_plugin.result (+2/-2)
mysql-test/r/percona_innodb_version.result (+1/-1)
mysql-test/t/mysql_plugin.test (+2/-2)
mysql-test/t/percona_innodb_version.test (+1/-1)
packaging/rpm-uln/mysql.spec.sh (+5/-5)
plugin/percona-pam-for-mysql/CMakeLists.txt (+1/-1)
scripts/CMakeLists.txt (+2/-2)
scripts/mysql_config.pl.in (+3/-3)
scripts/mysql_config.sh (+2/-2)
storage/HandlerSocket-Plugin-for-MySQL/configure.ac (+7/-10)
storage/ndb/ndbapi-examples/mgmapi_logevent/Makefile (+1/-1)
storage/ndb/ndbapi-examples/mgmapi_logevent2/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_async/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_async1/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_event/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_retries/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_scan/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_simple/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_simple_dual/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_simple_index/Makefile (+1/-1)
storage/ndb/test/ndbapi/Makefile.am (+2/-2)
support-files/MySQL-shared-compat.spec.sh (+1/-1)
support-files/mysql.spec.sh (+3/-3)
tests/CMakeLists.txt (+2/-2)
uninstall_tests.sh (+0/-24)
lp:~stewart/percona-server/pkg-5.6
Laurynas Biveinis (community): Needs Fixing
Alexey Bychko (community): Approve
Diff: 9433 lines (+7292/-745)
94 files modified
.bzrignore (+6/-6)
CMakeLists.txt (+1/-1)
Makefile-ps (+4/-20)
README (+11/-0)
UDF/Makefile.am (+2/-0)
UDF/configure.ac (+2/-3)
VERSION (+1/-1)
build-ps/build-binary.sh (+8/-9)
build-ps/build-rpm.sh (+2/-2)
build-ps/debian/control (+30/-34)
build-ps/debian/copyright (+787/-86)
build-ps/debian/libperconaserverclient18.1.install (+1/-1)
build-ps/debian/libperconaserverclient18.1.postinst (+2/-0)
build-ps/debian/libperconaserverclient18.lintian-overrides (+6/-0)
build-ps/debian/percona-server-client-5.6.files (+0/-1)
build-ps/debian/percona-server-client-5.6.lintian-overrides (+18/-0)
build-ps/debian/percona-server-server-5.6.docs (+2/-3)
build-ps/debian/percona-server-server-5.6.files (+3/-4)
build-ps/debian/percona-server-server-5.6.lintian-overrides (+10/-0)
build-ps/debian/percona-server-server-5.6.postinst (+19/-15)
build-ps/debian/percona-server-server-5.6.postrm (+1/-1)
build-ps/debian/percona-server-server-5.6.preinst (+12/-17)
build-ps/debian/percona-server-source-5.6.files (+1/-0)
build-ps/debian/percona-server-test-5.6.files (+0/-1)
build-ps/debian/po/POTFILES.in (+1/-0)
build-ps/debian/po/ar.po (+252/-0)
build-ps/debian/po/ca.po (+227/-0)
build-ps/debian/po/cs.po (+346/-0)
build-ps/debian/po/da.po (+382/-0)
build-ps/debian/po/de.po (+239/-0)
build-ps/debian/po/es.po (+390/-0)
build-ps/debian/po/eu.po (+236/-0)
build-ps/debian/po/fr.po (+251/-0)
build-ps/debian/po/gl.po (+249/-0)
build-ps/debian/po/it.po (+223/-0)
build-ps/debian/po/ja.po (+229/-0)
build-ps/debian/po/nb.po (+297/-0)
build-ps/debian/po/nl.po (+290/-0)
build-ps/debian/po/pt.po (+307/-0)
build-ps/debian/po/pt_BR.po (+443/-0)
build-ps/debian/po/ro.po (+319/-0)
build-ps/debian/po/ru.po (+229/-0)
build-ps/debian/po/sk.po (+219/-0)
build-ps/debian/po/sv.po (+229/-0)
build-ps/debian/po/templates.pot (+187/-0)
build-ps/debian/po/tr.po (+342/-0)
build-ps/debian/rules (+290/-75)
build-ps/debian/source/format (+1/-0)
build-ps/percona-server.spec (+18/-57)
build/build-dpkg.sh (+0/-138)
build/debian/libmysqlclient-dev.README.Maintainer (+0/-4)
build/debian/libmysqlclient-dev.install (+0/-6)
build/debian/libmysqlclient-dev.links (+0/-2)
build/debian/libmysqlclient18.1.links (+0/-1)
build/debian/percona-server-client-5.6.menu (+0/-3)
build/debian/source/format (+0/-1)
build/rpm/mysql-dubious-exports.patch (+0/-103)
client/CMakeLists.txt (+12/-12)
cmake/info_macros.cmake.in (+1/-1)
cmake/libutils.cmake (+3/-3)
cmake/make_dist.cmake.in (+10/-0)
cmake/mysql_version.cmake (+4/-4)
doc/source/installation.rst (+78/-70)
doc/source/management/pam_plugin.rst (+1/-1)
doc/source/upgrading_guide_55_56.rst (+1/-1)
libmysql/CMakeLists.txt (+14/-14)
libmysql/libmysql.map (+4/-4)
libmysql/libmysql.ver.in (+1/-1)
man/mysql_config.1 (+3/-3)
mysql-test/CMakeLists.txt (+0/-1)
packaging/rpm-uln/mysql.spec.sh (+5/-5)
plugin/percona-pam-for-mysql/CMakeLists.txt (+1/-1)
scripts/CMakeLists.txt (+2/-2)
scripts/mysql_config.pl.in (+3/-3)
scripts/mysql_config.sh (+2/-2)
sql/password.c (+1/-1)
storage/ndb/ndbapi-examples/mgmapi_logevent/Makefile (+1/-1)
storage/ndb/ndbapi-examples/mgmapi_logevent2/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_async/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_async1/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_blob/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_blob_ndbrecord/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_event/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_recattr_vs_record/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_retries/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_s_i_ndbrecord/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_scan/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_simple/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_simple_dual/Makefile (+1/-1)
storage/ndb/ndbapi-examples/ndbapi_simple_index/Makefile (+1/-1)
storage/ndb/test/run-test/CMakeLists.txt (+1/-1)
support-files/MySQL-shared-compat.spec.sh (+1/-1)
support-files/mysql.spec.sh (+3/-3)
tests/CMakeLists.txt (+2/-2)
Revision history for this message
Alexey Kopytov (akopytov) wrote :

Confirmed. The postinst file only reset 'root_password' in debconf, but not 'root_password_again', so the root password is stored in cleartext, though the file is only readable by root.

Laurynas Biveinis (laurynas-biveinis)
tags: added: pkg
Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

Tested with

=== modified file 'build/debian/percona-xtradb-cluster-server-5.6.postinst'
--- build/debian/percona-xtradb-cluster-server-5.6.postinst 2013-11-13 10:08:23 +0000
+++ build/debian/percona-xtradb-cluster-server-5.6.postinst 2014-02-18 18:19:30 +0000
@@ -29,6 +29,7 @@
 set_mysql_rootpw() {
        # forget we ever saw the password. don't use reset to keep the seen status
        db_set percona-server-server/root_password ""
+ db_set percona-server-server/root_password_again ""

        tfile=`mktemp`
        if [ ! -f "$tfile" ]; then

Seems to work well.

Revision history for this message
Tomislav Plavcic (tplavcic) wrote :

Currently I only don't see this reset on version 5.1.
For 5.5 and 5.6 it has been added in the meantime.

Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-569

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.