Upgrading from MySQL 5.7.36 to 5.7.39 replaces root's auth_socket with mysql_native_password and a simple password
Bug #1988200 reported by
Blum Bluntu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mysql-5.7 (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
I'm on Ubuntu 18.04.6.
Today, after doing apt upgrade, my MySQL server was upgraded from 5.7.36-
Before the upgrade I had my MySQL 'root' user's plugin set to 'auth_socket' and 'authentication
However the upgrade changed the MySQL 'root' user's plugin to 'mysql_
After decrypting the new password hash, I discovered it's 'root'.
This is potentially dangerous.
To post a comment you must log in.
Thank you for taking the time to file a bug report.
I tried reproducing this locally but failed. Here's what I did:
$ lxc launch ubuntu:bionic test-mysql /launchpad. net/~ubuntu- security- proposed/ +archive/ ubuntu/ ppa/+build/ 22324306/ +files/ mysql-server- core-5. 7_5.7.36- 0ubuntu0. 18.04.1_ amd64.deb https:/ /launchpad. net/~ubuntu- security- proposed/ +archive/ ubuntu/ ppa/+build/ 22324306/ +files/ mysql-server- 5.7_5.7. 36-0ubuntu0. 18.04.1_ amd64.deb mysql.conf. d/mysqld. cnf << __EOF__ load-add= auth_socket. so FORCE_PLUS_ PERMANENT authentication_ string from mysql.user;' ------- -----+- ------- ------- ------- -+----- ------- ------- ------- ------- ------- ---+ string | ------- -----+- ------- ------- ------- -+----- ------- ------- ------- ------- ------- ---+ password | *THISISNOTAVALI DPASSWORDTHATCA NBEUSEDHERE | password | *THISISNOTAVALI DPASSWORDTHATCA NBEUSEDHERE | password | *BAC57F6E71D415 AD367BD54FBE913 C5B896313AD | ------- -----+- ------- ------- ------- -+----- ------- ------- ------- ------- ------- ---+ authentication_ string from mysql.user;' ------- -----+- ------- ------- ------- -+----- ------- ------- ------- ------- ------- ---+ string | ------- -----+- ------- ------- ------- -+----- ------- ------- ------- ------- ------- ---+ password | *THISISNOTAVALI DPASSWORDTHATCA NBEUSEDHERE | password | *THISISNOTAVALI DPASSWORDTHATCA NBEUSEDHERE | password | *BAC57F6E71D415 AD367BD54FBE913 C5B896313AD | ------- -----+- ------- ------- ------- -+----- ------- ------- ------- ------- ------- ---+
$ lxc shell test-mysql
# apt update
# cd /tmp
# wget https:/
# apt install ./mysql-server*.deb
# cat >> /etc/mysql/
plugin-
auth_socket=
__EOF__
# systemctl restart mysql.service
# mysql -uroot -e 'select user,plugin,
+------
| user | plugin | authentication_
+------
| root | auth_socket | |
| mysql.session | mysql_native_
| mysql.sys | mysql_native_
| debian-sys-maint | mysql_native_
+------
# apt install mysql-server-5.7 --only-upgrade -y
...
# mysql -uroot -e 'select user,plugin,
+------
| user | plugin | authentication_
+------
| root | auth_socket | |
| mysql.session | mysql_native_
| mysql.sys | mysql_native_
| debian-sys-maint | mysql_native_
+------
As you can see, the value of 'authentication _string' is still empty, and I can successfully login as root without providing a password.
Since there is not enough information in your report to begin triage or to
differentiate between a local configuration problem and a bug in Ubuntu, I
am marking this bug as "Incomplete". We would be grateful if you would:
provide a more complete description of the problem, explain why you
believe this is a bug in Ubuntu rather than a problem specific to your
system, and then change the bug status back to "New".
For local configuration issues, you can find assistance here: www.ubuntu. com/support/ community
http://