Bug#510875: here's a patch; please consider for lenny

Thu, 08 Jan 2009 04:38:36 -0800 

tags 510875 patch
thanks

Hi,

> > > This results in an empty root password by default.  Every user which
> > > can connect from `localhost' has then full administrative privileges.
> > > The only thing he has to do is run `mysql -u root'.

> FYI the MySQL package in Ubuntu changes the debconf priority to high.

Yes, and although not release critical, I think this would still be a very
useful change to push for lenny as a proactive security measure. The
intention of the question is clear, it's just that the priority makes it
being missed in many cases.

Attached is a patch which I think should be acceptable for lenny. Will you
consider uploading this? I'm willing to do the upload myself if that's
desired, let me know in that case.


cheers,
Thijs
Index: debian/changelog
===================================================================
--- debian/changelog	(revision 1388)
+++ debian/changelog	(working copy)
@@ -1,3 +1,11 @@
+mysql-dfsg-5.0 (5.0.51a-20.1) testing-proposed-updates; urgency=low
+
+  * Ask for MySQL root password at high priority, because
+    otherwise all default installations will miss this question
+    (closes: #510875).
+
+ -- Thijs Kinkhorst <th...@debian.org>  Thu, 08 Jan 2009 13:30:43 +0100
+
 mysql-dfsg-5.0 (5.0.51a-20) testing-proposed-updates; urgency=low
 
   * New patch 60_fix_leap_seconds.dpatch from 5.0.74 to return leap second
Index: debian/mysql-server-5.0.postinst
===================================================================
--- debian/mysql-server-5.0.postinst	(revision 1388)
+++ debian/mysql-server-5.0.postinst	(working copy)
@@ -255,7 +255,7 @@
 # fails for any other reason, nothing happens.
 if [ "$1" = "configure" ]; then
 	if test_mysql_access; then
-		db_input medium mysql-server/root_password || true
+		db_input high mysql-server/root_password || true
 		db_go
 		db_get mysql-server/root_password && rootpw="$RET"
 
Index: debian/mysql-server-5.0.config
===================================================================
--- debian/mysql-server-5.0.config	(revision 1388)
+++ debian/mysql-server-5.0.config	(working copy)
@@ -19,7 +19,7 @@
 if [ "$1" = "configure" ] && [ -z "$2" ] || [ "$1" = "reconfigure" ]; then
   while :; do
     RET=""
-    db_input medium mysql-server/root_password || true
+    db_input high mysql-server/root_password || true
     db_go
     db_get mysql-server/root_password
     # if password isn't empty we ask for password verification
@@ -29,7 +29,7 @@
       break
     fi
     ROOT_PW="$RET"
-    db_input medium mysql-server/root_password_again || true
+    db_input high mysql-server/root_password_again || true
     db_go
     db_get mysql-server/root_password_again
     if [ "$RET" == "$ROOT_PW" ]; then

Reply via email to