MySQL Lists: mysql: Re: Any user with 'grant' privilege can change root's password in 3.22.27?

List:	General Discussion	« Previous Message Next Message »
From:	Michael Widenius	Date:	January 11 2000 12:57am
Subject:	Re: Any user with 'grant' privilege can change root's password in 3.22.27?
View as plain text

>>>>> "Benjamin" == Benjamin Pflugmann <philemon@stripped> writes:

<cut>

Benjamin> This section fits also to this matter (7.26 GRANT and REVOKE syntax):
Benjamin> ------------------------------------------------------------
Benjamin> In MySQL 3.22.12 or later, if a new user is created or if you have
Benjamin> global grant privileges, the user's password will be set to the
Benjamin> password specified by the IDENTIFIED BY clause, if one is given. If
Benjamin> the user already had a password, it is replaced by the new one.
Benjamin> ------------------------------------------------------------

Benjamin> This explains, why in a new created system 'test' may change 'root's
Benjamin> password: It was not set yet. But from how I understand the manual, he
Benjamin> should not be able to change it, when it was once set, without global
Benjamin> grant privilege, which - according to the manual - is different from
Benjamin> db grant privileges.

Hi!

A normal users should of course never be able to set the password for
root;  My last patch fixes this.

Regards,
Monty

Thread
• Any user with 'grant' privilege can change root's password in 3.22.27?	Viktor Fougstedt	10 Jan
• Re: Any user with 'grant' privilege can change root's password in 3.22.27?	sinisa	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	Viktor Fougstedt	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	Viktor Fougstedt	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	sinisa	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	Viktor Fougstedt	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	sinisa	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	Viktor Fougstedt	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	sinisa	10 Jan
• Re: Any user with 'grant' privilege can change root's password in 3.22.27?	Benjamin Pflugmann	10 Jan
• Re: Any user with 'grant' privilege can change root's password in 3.22.27?	Michael Widenius	11 Jan
• How WITH GRANT OPTION is supposed to work	Paul DuBois	13 Jan
• How WITH GRANT OPTION is supposed to work	Paul DuBois	13 Jan
• Re: Any user with 'grant' privilege can change root's password in 3.22.27?	Van	11 Jan
• Re: Any user with 'grant' privilege can change root's password in 3.22.27?	Michael Widenius	11 Jan
• Any Ideas on a Release Date for 3.23.10?	Van	16 Jan
• Re: Any Ideas on a Release Date for 3.23.10?	sinisa	16 Jan
• Re: Any Ideas on a Release Date for 3.23.10?	Dylan Neild	17 Jan
• Re: Any Ideas on a Release Date for 3.23.10?	Van	17 Jan
• Re: Any Ideas on a Release Date for 3.23.10?	Paul DuBois	17 Jan
• Re: Any Ideas on a Release Date for 3.23.10?	Michael Widenius	26 Jan
• tool set for C programmers	Juan Manuel Doren	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	Michael Widenius	10 Jan
• Re: Any user with 'grant' privilege can change root's password in3.22.27?	sinisa	10 Jan
• RE: Any user with 'grant' privilege can change root's password in3.22.27?	Robert Goff	10 Jan
• RE: Any user with 'grant' privilege can change root's password in3.22.27?	sinisa	10 Jan
• RE: Any user with 'grant' privilege can change root's passwordin3.22.27?	Viktor Fougstedt	10 Jan
• RE: Any user with 'grant' privilege can change root's passwordin3.22.27?	sinisa	10 Jan
• RE: Any user with 'grant' privilege can change root's passwordin3.22.27?	Viktor Fougstedt	10 Jan
• RE: Any user with 'grant' privilege can change root's passwordin3.22.27?	Viktor Fougstedt	11 Jan
• RE: Any user with 'grant' privilege can change root's password in3.22.27?	Michael Widenius	11 Jan