Database administrator password can be seen in plain text if you execute debconf-get-selections

Bug #1018291 reported by Carlos Calvo Rivas on 2012-06-27
This bug affects 3 people
Affects          Status                  Importance   Assigned to        Milestone
Percona Server   Status tracked in 5.6
  5.1                                    High         Tomislav Plavcic
  5.5                                    High         Stewart Smith
  5.6                                    High         Stewart Smith

Bug Description

Once you have installed your percona server, you can see in plain text the password you entered in the installation process as the administrator's account password if you run this command:

debconf-get-selections | grep "percona"

Tags: pkg

Related branches

lp:~stewart/percona-server/pkg-5.6
Merged into lp:percona-server at revision 531
Laurynas Biveinis: Needs Fixing on 2014-01-21
Alexey Bychko (community): Approve on 2014-01-09

Alexey Kopytov (akopytov) wrote :

Confirmed. The postinst file only reset 'root_password' in debconf, but not 'root_password_again', so the root password is stored in cleartext, though the file is only readable by root.

tags: added: pkg

Tested with

=== modified file 'build/debian/percona-xtradb-cluster-server-5.6.postinst'
--- build/debian/percona-xtradb-cluster-server-5.6.postinst 2013-11-13 10:08:23 +0000
+++ build/debian/percona-xtradb-cluster-server-5.6.postinst 2014-02-18 18:19:30 +0000
@@ -29,6 +29,7 @@
 set_mysql_rootpw() {
        # forget we ever saw the password. don't use reset to keep the seen status
        db_set percona-server-server/root_password ""
+ db_set percona-server-server/root_password_again ""

        tfile=`mktemp`
        if [ ! -f "$tfile" ]; then
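
Review bot: only build/debian/percona-xtradb-cluster-server-5.6.postinst gets the root_password_again reset here, at the top of set_mysql_rootpw(), so every other postinst that clears root_password with db_set needs the same second line or it will keep the confirmation value in debconf. In this hunk the added line is not indented like the root_password line beside it, and the comment above still speaks of "the password" only; align the line and have the comment say that both the password and its confirmation are cleared. After an install with the patched script, debconf-get-selections | grep "percona" should show an empty value for both questions.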

Seems to work well.

Tomislav Plavcic (tplavcic) wrote :

Currently, 5.1 is the only version where I don't see this reset.
For 5.5 and 5.6 it has been added in the meantime.
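
A check for the condition this report describes, as an added example that is not part of the bug report or of the Percona packaging: it reads debconf-get-selections output and lists every password-type question that still holds a value, without printing the value. The function names, the owner name and the sample password are constructed; the two question names are the ones named in the report.

```shell
#!/bin/sh
# Added example: not part of the bug report or of the Percona packaging.
# Reads debconf-get-selections output on stdin, one entry per line:
#   owner <TAB> question <TAB> type <TAB> value
# and lists each question of type "password" whose value is not empty.
# The stored value is never printed. Exit status is 1 if any was found.
find_stored_passwords() {
    awk -F '\t' '
        /^#/ || NF < 3 { next }          # comment lines and malformed lines
        $3 == "password" {
            # the value is everything after the third tab
            value = ""
            for (i = 4; i <= NF; i++) value = value (i > 4 ? "\t" : "") $i
            if (value != "") { print $1 "\t" $2; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the state described in the report, where only
# root_password was reset. Owner name and password are made up.
sample_unpatched() {
    printf '# constructed sample, not real output\n'
    printf 'percona-server-server-5.5\tpercona-server-server/root_password\tpassword\t\n'
    printf 'percona-server-server-5.5\tpercona-server-server/root_password_again\tpassword\tExamplePw1\n'
    printf 'percona-server-server-5.5\texample/unrelated_question\tboolean\ttrue\n'
}

# Constructed sample: the state after both questions are reset.
sample_patched() {
    printf 'percona-server-server-5.5\tpercona-server-server/root_password\tpassword\t\n'
    printf 'percona-server-server-5.5\tpercona-server-server/root_password_again\tpassword\t\n'
}

echo "unpatched sample:"
sample_unpatched | find_stored_passwords || echo "  -> password value left in debconf"
echo "patched sample:"
sample_patched | find_stored_passwords && echo "  -> no password values stored"
```

On an installed host, run `debconf-get-selections | find_stored_passwords` as root; the debconf-get-selections command is provided by the debconf-utils package.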
