List:General Discussion« Previous MessageNext Message »
From:Michael Widenius Date:January 11 2000 12:54am
Subject:RE: Any user with 'grant' privilege can change root's password in3.22.27?
View as plain text  
>>>>> "sinisa" == sinisa  <sinisa@stripped> writes:

sinisa> Robert Goff writes:
>> - The answer is simple. Any user that has GRANTing option can change
>> - passwords of all users, grant other users privileges etc !!!!
>> 
>> Are you saying that the behavior he's describing is documented and correct?
>> 
>> If I understand correctly, he's saying that a user with no update privs
>> anywhere in the system can do an update on any user's record, including
>> root, in the users table.  This sounds like a Bad Thing to me.
>> --
>> Chemistry professors never die, they just smell
>> that way!
>> Please note changed phone number.
>> ===============================================
>> Robert Goff                     robert@stripped
>> Technical Writer/Editor, Webmaster 505-564-8959
>> 
>> 

sinisa> Yes, that is exactly what 'WITH GRANT OPTION' is designed for !!!

sinisa> Update privileges are not important for operations with grant
sinisa> tables. 'WITH GRANT OPTION' is all that is needed.

sinisa> This is standard ANSI SQL92 behaviour, and most of RDBMS's conform to
sinisa> it !!

Sorry, no;  Please check my previous letter.  You are only allowed to
grant things to others that you have privileges for!

Regards,
Monty
Thread
Any user with 'grant' privilege can change root's password in 3.22.27?Viktor Fougstedt10 Jan
  • Re: Any user with 'grant' privilege can change root's password in 3.22.27?sinisa10 Jan
    • Re: Any user with 'grant' privilege can change root's password in3.22.27?Viktor Fougstedt10 Jan
      • Re: Any user with 'grant' privilege can change root's password in3.22.27?Viktor Fougstedt10 Jan
        • Re: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
          • Re: Any user with 'grant' privilege can change root's password in3.22.27?Viktor Fougstedt10 Jan
            • Re: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
          • Re: Any user with 'grant' privilege can change root's password in3.22.27?Viktor Fougstedt10 Jan
            • Re: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
              • Re: Any user with 'grant' privilege can change root's password in 3.22.27?Benjamin Pflugmann10 Jan
                • Re: Any user with 'grant' privilege can change root's password in 3.22.27?Michael Widenius11 Jan
              • How WITH GRANT OPTION is supposed to workPaul DuBois13 Jan
              • How WITH GRANT OPTION is supposed to workPaul DuBois13 Jan
          • Re: Any user with 'grant' privilege can change root's password in 3.22.27?Van11 Jan
            • Re: Any user with 'grant' privilege can change root's password in 3.22.27?Michael Widenius11 Jan
          • Any Ideas on a Release Date for 3.23.10?Van16 Jan
            • Re: Any Ideas on a Release Date for 3.23.10?sinisa16 Jan
              • Re: Any Ideas on a Release Date for 3.23.10?Dylan Neild17 Jan
                • Re: Any Ideas on a Release Date for 3.23.10?Van17 Jan
              • Re: Any Ideas on a Release Date for 3.23.10?Paul DuBois17 Jan
                • Re: Any Ideas on a Release Date for 3.23.10?Michael Widenius26 Jan
        • tool set for C programmersJuan Manuel Doren10 Jan
        • Re: Any user with 'grant' privilege can change root's password in3.22.27?Michael Widenius10 Jan
      • Re: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
        • RE: Any user with 'grant' privilege can change root's password in3.22.27?Robert Goff10 Jan
          • RE: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
            • RE: Any user with 'grant' privilege can change root's passwordin3.22.27?Viktor Fougstedt10 Jan
              • RE: Any user with 'grant' privilege can change root's passwordin3.22.27?sinisa10 Jan
                • RE: Any user with 'grant' privilege can change root's passwordin3.22.27?Viktor Fougstedt10 Jan
                • RE: Any user with 'grant' privilege can change root's passwordin3.22.27?Viktor Fougstedt11 Jan
            • RE: Any user with 'grant' privilege can change root's password in3.22.27?Michael Widenius11 Jan