[Bug 1598992] Re: MySQL Server installation fails if root password contains special characters such as apostrophe

Fri Dec 16 11:42:34 UTC 2016

** Changed in: mysql-5.7 (Ubuntu Xenial)
       Status: Fix Committed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1598992

Title:
  MySQL Server installation fails if root password contains special
  characters such as apostrophe

Status in mysql-5.7 package in Ubuntu:
  Fix Released
Status in mysql-5.7 source package in Xenial:
  In Progress

Bug description:
  The postinst script for mysql-server-5.7 can take a root password for
  the server as input. It does not properly escape this password before
  passing it to the server in an SQL script.

  [Impact]
  If a user enters a root password containing such a password, MySQL will throw a syntax error when d/postinst tries to set it, causing postinst failure.

  One would expect the password to support special characters, and e.g.
  pwgen -y will generate password containing such.

  We fix this by passing the password through coreutil's printf %q,
  which escapes all special characters.

  [Test case]
  Install the mysql-server-5.7 package, and enter "pass'word" when prompted for the root password. This should work

  [Regression Potential]
  This change has been in Yakkety for some time (5.7.15-0ubuntu2).

  == printf %q changes behavior ==
  Unlikely, since it's part of coreutils, but it might cause similar syntax errors as what is seen now, or result in a root password that is different from what the user expect (fixable for an admin, but would be confusing)

  == printf %q escapes characters that should not be escaped ==
  Some characters, such as $, do not need to be escaped for MySQL, but are escaped by printf %q. For those tested, MySQL supports both (passing \$ is equivalent to passing $), but if this support is incomplete it could result in syntax error and postinst failure.

  [Original description]
  Running linuxmint 18, had trouble installating mysql-server. After a fair amount of frustration, I dug around, found a temp file that had a command in it to change my root password, my password was there (in plain text), and had a clear problem with the apostrophe in the password.  It looked something like this:

  SET PASSWORD FOR 'root'@'localhost' =
  PASSWORD('YouWeren'tExpectingThis');

  I didn't save the file, did successfully install MySQL with a password
  without the single quote, and I'm not going to undo that all just to
  give a better bug report.  I'm sure your programmers won't have any
  trouble tracking this down.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: mysql-server-5.7 5.7.12-0ubuntu1.1
  ProcVersionSignature: Ubuntu 4.4.0-28.47-generic 4.4.13
  Uname: Linux 4.4.0-28-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: X-Cinnamon
  Date: Mon Jul  4 22:36:34 2016
  InstallationDate: Installed on 2016-07-02 (2 days ago)
  InstallationMedia: Linux Mint 18 "Sarah" - Release amd64 20160628
  Logs.var.log.daemon.log:

  MySQLConf.etc.mysql.conf.d.mysql.cnf: [mysql]
  MySQLConf.etc.mysql.conf.d.mysqldump.cnf:
   [mysqldump]
   quick
   quote-names
   max_allowed_packet	= 16M
  MySQLConf.etc.mysql.mysql.conf.d.mysqld_safe_syslog.cnf:
   [mysqld_safe]
   syslog
  MySQLVarLibDirListing: False
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: mysql-5.7
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1598992/+subscriptions