Debian: insecure debian-sys-maint password handling

Description

There's this code in the debian/mariadb-server-10.1.postinst script:

On initial installation it creates a world-readable /etc/mysql/debian.cnf, writes a password and then revokes privileges. This leaves a small theoretical gap in which an attacker may intercept the debian-sys-maint password.

Also, the password goes via a number of echo calls. It might be alright since echo is a bash builtin. But echo has a rather poor reputation as a tool for handling passwords.

In addition to that, a REPLACE statement against mysqld --bootstrap is used to update the password:

  • it bypasses password validation plugins

  • it bypasses audit plugins

  • it increases installation time (it has to run rather heavy mysqld)

  • it also increases mysqld downtime

  • it may fail if the database has some plugin-specific configs (see MDEV-8437)
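
The file-creation gap described above (file created world-readable, password written, permissions tightened afterwards) next to an ordering that closes it. This is an added example, not the postinst's code: the function names, temporary paths and the sample secret are constructed for illustration, and GNU `stat -c` is assumed, as on Debian.

```shell
#!/bin/sh
# Added illustration; function names and paths are hypothetical, not taken
# from the MariaDB postinst. Uses GNU stat (-c %a), as found on Debian.
# printf is a shell builtin, so the secret never appears in a process argv.

# Racy order: create with the default umask, write the secret, chmod last.
# Prints the mode the file had while it already contained the password.
write_cnf_racy() {
    cnf=$1 pass=$2
    (
        umask 022                       # typical root default
        : > "$cnf"                      # file now exists as 0644
        printf '[client]\nuser=debian-sys-maint\npassword=%s\n' "$pass" >> "$cnf"
        stat -c %a "$cnf"               # mode during the exposure window
        chmod 0600 "$cnf"               # too late: secret was already readable
    )
}

# Hardened order: restrictive umask before creation, write to a temp file in
# the same directory, then rename into place. The secret never sits in a file
# with a mode wider than 0600.
write_cnf_safe() {
    cnf=$1 pass=$2
    (
        umask 077
        tmp=$(mktemp "$cnf.XXXXXX") || exit 1   # mktemp creates the file 0600
        printf '[client]\nuser=debian-sys-maint\npassword=%s\n' "$pass" > "$tmp"
        stat -c %a "$tmp"               # mode while the secret is on disk
        mv -f "$tmp" "$cnf"             # atomic replace on the same filesystem
    )
}

demo() {
    dir=$(mktemp -d) || return 1
    echo "racy window mode: $(write_cnf_racy "$dir/racy.cnf" 'constructed-secret')"
    echo "safe window mode: $(write_cnf_safe "$dir/safe.cnf" 'constructed-secret')"
    echo "final modes: $(stat -c %a "$dir/racy.cnf") $(stat -c %a "$dir/safe.cnf")"
    rm -rf "$dir"
}
demo
```

Both files end up 0600, which is why checking the final mode alone does not reveal the problem; only the mode at the moment the password is written distinguishes the two orderings.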

Environment

None

Assignee

Sergey Vojtovich

Reporter

Sergey Vojtovich

Labels

None

Components

Sprint

None

Fix versions

Affects versions

Priority

Major