From cd958ea3b89c93f56e4901e6fc2543d4af0e1e5b Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 16 Dec 2010 13:48:22 -0200
Subject: Avoid root password leak to process list

---
 templates/setmysqlpass.sh.erb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/setmysqlpass.sh.erb b/templates/setmysqlpass.sh.erb
index fbca07e..1cc34db 100644
--- a/templates/setmysqlpass.sh.erb
+++ b/templates/setmysqlpass.sh.erb
@@ -8,5 +8,7 @@ PASSWORD="<%= mysql_rootpw %>"
 DEFAULTS="/etc/mysql/debian.cnf"
 
 # Run
-echo "USE mysql; UPDATE user SET Password=PASSWORD('$PASSWORD') WHERE User='root' AND Host='localhost'; flush privileges;" | \
-  /usr/bin/mysql --defaults-file=$DEFAULTS
+/usr/bin/mysql --defaults-file=$DEFAULTS <<EOF
+UPDATE mysql.user SET Password=PASSWORD('$PASSWORD') WHERE User='root' AND Host='localhost';
+FLUSH PRIVILEGES;
+EOF
-- 
cgit v1.2.3