List:General Discussion« Previous MessageNext Message »
From:Michael Widenius Date:January 11 2000 4:52pm
Subject:Re: Any user with 'grant' privilege can change root's password in
3.22.27?
View as plain text  
>>>>> "Van" == Van  <vanboers@stripped> writes:

Van> Michael Widenius wrote:
>> Hi!
>> 
>> A normal users should of course never be able to set the password for
>> root;  My last patch fixes this.
>> 
>> Regards,
>> Monty
>> 
Van> Monty,

Van> Sorry to have caught this thread so late in the day, but, for
Van> clarification:  which patches apply to this fix?  3.22.28 and 3.23.27?
Van> or 3.22.29 and 3.23.28?  The main reason I'm asking is I've got a couple
Van> servers I'm keeping installed with the stable tree due to
Van> perception-management issues and the rest have 3.23.27 from the alpha
Van> tree.

The patch should work on most recent MySQL 3.22 and 3.23 versions.
If you can't apply it, just clear the grant_priv flag for everyone
except root.

Van> Due to the nature of the behavior described in this thread and the
Van> implications on security, it would seem appropriate to ensure it is
Van> clear to any dbadmins using either of the stable or alpha tree at which
Van> point this behavior is "fixed."  

It will be fixed in 3.22.30 and 3.23.10;  Both will be released this week.

Van> While I don't allow grant option to any other users besides bona-fide
Van> admins, I would certainly want to know specifically which version
Van> implements this patch and document this well.

Van> Hope that wasn't as unclear as it looks, but, it appears to be a very
Van> important patch.  Sorry, if I made more work for you.  >:)

Regards,
Monty
Thread
Any user with 'grant' privilege can change root's password in 3.22.27?Viktor Fougstedt10 Jan
  • Re: Any user with 'grant' privilege can change root's password in 3.22.27?sinisa10 Jan
    • Re: Any user with 'grant' privilege can change root's password in3.22.27?Viktor Fougstedt10 Jan
      • Re: Any user with 'grant' privilege can change root's password in3.22.27?Viktor Fougstedt10 Jan
        • Re: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
          • Re: Any user with 'grant' privilege can change root's password in3.22.27?Viktor Fougstedt10 Jan
            • Re: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
          • Re: Any user with 'grant' privilege can change root's password in3.22.27?Viktor Fougstedt10 Jan
            • Re: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
              • Re: Any user with 'grant' privilege can change root's password in 3.22.27?Benjamin Pflugmann10 Jan
                • Re: Any user with 'grant' privilege can change root's password in 3.22.27?Michael Widenius11 Jan
              • How WITH GRANT OPTION is supposed to workPaul DuBois13 Jan
              • How WITH GRANT OPTION is supposed to workPaul DuBois13 Jan
          • Re: Any user with 'grant' privilege can change root's password in 3.22.27?Van11 Jan
            • Re: Any user with 'grant' privilege can change root's password in 3.22.27?Michael Widenius11 Jan
          • Any Ideas on a Release Date for 3.23.10?Van16 Jan
            • Re: Any Ideas on a Release Date for 3.23.10?sinisa16 Jan
              • Re: Any Ideas on a Release Date for 3.23.10?Dylan Neild17 Jan
                • Re: Any Ideas on a Release Date for 3.23.10?Van17 Jan
              • Re: Any Ideas on a Release Date for 3.23.10?Paul DuBois17 Jan
                • Re: Any Ideas on a Release Date for 3.23.10?Michael Widenius26 Jan
        • tool set for C programmersJuan Manuel Doren10 Jan
        • Re: Any user with 'grant' privilege can change root's password in3.22.27?Michael Widenius10 Jan
      • Re: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
        • RE: Any user with 'grant' privilege can change root's password in3.22.27?Robert Goff10 Jan
          • RE: Any user with 'grant' privilege can change root's password in3.22.27?sinisa10 Jan
            • RE: Any user with 'grant' privilege can change root's passwordin3.22.27?Viktor Fougstedt10 Jan
              • RE: Any user with 'grant' privilege can change root's passwordin3.22.27?sinisa10 Jan
                • RE: Any user with 'grant' privilege can change root's passwordin3.22.27?Viktor Fougstedt10 Jan
                • RE: Any user with 'grant' privilege can change root's passwordin3.22.27?Viktor Fougstedt11 Jan
            • RE: Any user with 'grant' privilege can change root's password in3.22.27?Michael Widenius11 Jan