Package: mysql-client-5.0
Version: 5.0.32-7etch1
Severity: normal
File: /usr/bin/mysqlreport

Bugreport: mysqlreport
# mysqlreport v2.5 Sep 1 2006

I found that the script does not hide the password in the interactive
password dialog, this is a security flaw and should be changed.

To reproduce type
mysqlreport --password

I think the following lines are responsible, but am not fit enough in
Perl to change this.

# line 78ff:
if(exists $op{'password'})
{
   if($op{'password'} eq '') # Prompt for password
   {
      Term::ReadKey::ReadMode(2) if $RK;
      print "Password for database user $mycnf{'user'}: ";
      chomp($mycnf{'pass'} = <STDIN>);
      Term::ReadKey::ReadMode(0), print "\n" if $RK;
   }
   else { $mycnf{'pass'} = $op{'password'}; } # Use password given on command line
}

I reported this bug also to http://hackmysql.com/feedback

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages mysql-client-5.0 depends on:
ii  debianutils          2.17           Miscellaneous utilities specific t
ii  libc6                2.3.6.ds1-13   GNU C Library: Shared libraries
ii  libdbd-mysql-perl    3.0008-1       A Perl5 database interface to the
ii  libdbi-perl          1.53-1         Perl5 database interface by Tim Bu
ii  libgcc1              1:4.1.1-21     GCC support library
ii  libmysqlclient15off  5.0.32-7etch1  mysql database client library
ii  libncurses5          5.5-5          Shared libraries for terminal hand
ii  libreadline5         5.2-2          GNU readline and history libraries
ii  libstdc++6           4.1.1-21       The GNU Standard C++ Library v3
ii  libwrap0             7.6.dbs-13     Wietse Venema's TCP wrappers libra
ii  mysql-common         5.0.32-7etch1  mysql database common files (e.g.
ii  perl                 5.8.8-7        Larry Wall's Practical Extraction
ii  zlib1g               1:1.2.3-13     compression library - runtime

mysql-client-5.0 recommends no packages.

-- no debconf information

Thanks to you all,

--
Martin Weis
PGP-Key: http://datenroulette.de/pgp.php
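
In the lines quoted in the report, echo is switched off only when $RK is true; when it is false the prompt still runs and the password is read with echo on. The following is an added example, not code from mysqlreport or from the report: a prompt that fails closed instead. It assumes $RK reflects whether Term::ReadKey could be loaded (the quoted lines do not show where it is set); prompt_password, echo_off_posix and the user name 'dbuser' are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Assumption: $RK is true only when Term::ReadKey could be loaded.
my $RK = eval { require Term::ReadKey; 1 } ? 1 : 0;

# Disable echo via POSIX termios (core module); returns a restore closure,
# or nothing when the terminal attributes cannot be read or changed.
sub echo_off_posix {
    my $fd = fileno(STDIN);
    my $t  = POSIX::Termios->new;
    defined $t->getattr($fd) or return;
    my $saved = $t->getlflag;
    $t->setlflag($saved & ~POSIX::ECHO());
    defined $t->setattr($fd, POSIX::TCSANOW()) or return;
    return sub { $t->setlflag($saved); $t->setattr($fd, POSIX::TCSANOW()) };
}

# prompt_password is a hypothetical helper name, not a mysqlreport function.
sub prompt_password {
    my ($user) = @_;
    my $restore = sub { };                       # piped input: nothing is echoed
    if (-t STDIN) {
        if ($RK) {
            Term::ReadKey::ReadMode(2);          # noecho, as in the quoted lines
            $restore = sub { Term::ReadKey::ReadMode(0) };
        }
        else {
            # Fail closed: never fall back to a prompt that echoes the password.
            $restore = echo_off_posix()
                or die "Cannot disable terminal echo; not prompting for a password\n";
        }
    }
    # Put the terminal back even if the prompt is interrupted with Ctrl-C.
    local $SIG{INT} = sub { $restore->(); print STDERR "\n"; exit 130 };
    print STDERR "Password for database user $user: ";
    my $pass = <STDIN>;
    $restore->();
    print STDERR "\n";
    die "No password read\n" unless defined $pass;
    chomp $pass;
    return $pass;
}

my $pass = prompt_password('dbuser');            # 'dbuser' is a constructed name
printf STDERR "Read %d characters\n", length $pass;
```

The prompt is written to STDERR so that it does not end up in redirected report output.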