Database administrator password can be seen in plain text if you execute debconf-get-selections

Bug #1018291 reported by Carlos Calvo Rivas
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Percona Server moved to
Fix Released
Stewart Smith
Fix Released
Tomislav Plavcic
Fix Released
Stewart Smith
Fix Released
Stewart Smith

Bug Description

Once you have installed your percona server, you can see in plain text the password you entered in the installation process as the administrator's account password if you run this command:

debconf-get-selections | grep "percona"

Tags: pkg Edit Tag help

Related branches

Revision history for this message
Alexey Kopytov (akopytov) wrote :

Confirmed. The postinst file only reset 'root_password' in debconf, but not 'root_password_again', so the root password is stored in cleartext, though the file is only readable by root.

tags: added: pkg
Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

Tested with

=== modified file 'build/debian/percona-xtradb-cluster-server-5.6.postinst'
--- build/debian/percona-xtradb-cluster-server-5.6.postinst 2013-11-13 10:08:23 +0000
+++ build/debian/percona-xtradb-cluster-server-5.6.postinst 2014-02-18 18:19:30 +0000
@@ -29,6 +29,7 @@
 set_mysql_rootpw() {
        # forget we ever saw the password. don't use reset to keep the seen status
        db_set percona-server-server/root_password ""
+ db_set percona-server-server/root_password_again ""

        if [ ! -f "$tfile" ]; then

Seems to work well.

Revision history for this message
Tomislav Plavcic (tplavcic) wrote :

Currently I only don't see this reset on version 5.1.
For 5.5 and 5.6 it has been added in the meantime.

Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to:

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers