Ubuntu
mysql-dfsg-5.0 package

mysql-server-5.0: Leaves password in debconf database

Bug #344816 reported by Jens
262
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-dfsg-5.0 (Debian)
Fix Released
Unknown
mysql-dfsg-5.0 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: mysql-server-5.0

After installing mysql-server-5.0 the password is still in the /var/cache/debconf/passwords.dat file.

jens@neo:~$ sudo cat /var/cache/debconf/passwords.dat
Name: mysql-server/root_password
Template: mysql-server/root_password
Value:
Owners: mysql-server-5.0
Flags: seen

Name: mysql-server/root_password_again
Template: mysql-server/root_password_again
Value: foobar
Owners: mysql-server-5.0
Flags: seen

This file is only readable by root, but since I take a backup of my debconf selections (using debconf-get-selections) this password got in a world readable file...

this bug appears to be fixed upstream, but I still have this behaviour in ubuntu jaunty alpha 6 with all updates.
link to upstream bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513262

jens@neo:~$ apt-cache policy mysql-server-5.0
mysql-server-5.0:
  Installed: 5.1.30really5.0.75-0ubuntu8
  Candidate: 5.1.30really5.0.75-0ubuntu8
  Version table:
 *** 5.1.30really5.0.75-0ubuntu8 0
        500 http://be.archive.ubuntu.com jaunty/main Packages
        100 /var/lib/dpkg/status

jens@neo:~$ lsb_release -rd
Description: Ubuntu jaunty (development branch)
Release: 9.04

Revision history for this message
Andreas Olsson (andol) wrote :

I can confirm this issue in Jaunty (MySQL 5.1.30really5.0.75-0ubuntu8)

Changed in mysql-dfsg-5.0:
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mysql-dfsg-5.0 - 5.1.30really5.0.75-0ubuntu10

---------------
mysql-dfsg-5.0 (5.1.30really5.0.75-0ubuntu10) jaunty; urgency=low

  * debian/mysql-server-5.0.postinst: Clear out the second password
    when setting up mysql. (LP: #344816)

 -- Chuck Short <email address hidden> Mon, 30 Mar 2009 14:59:35 -0400

Changed in mysql-dfsg-5.0:
status: Confirmed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in mysql-dfsg-5.0 (Debian):
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.