From: Sergei Golubchik Date: March 21 2001 10:25am Subject: Re: FW: potential vulnerability of mysqld running with root privileges List-Archive: http://lists.mysql.com/mysql/68989 Message-Id: <20010321112501.C2119@serg.mysql.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Hi! On Mar 21, Benjamin Pflugmann wrote: > Hi. > > On Tue, Mar 20, 2001 at 12:22:19PM +0100, serg@stripped wrote: > > Hi! > > > > On Mar 20, Basil Hussain wrote: > > > Hi all, > > > > > > The original message below was posted to the BugTraq mailing list. Have the > > > developers seen this? I know it talks about version mysql-3.20.32a (which is > > > ancient), but he mentions that it affects other versions. > > > > > > Anyway, I don't run my MySQL server as root, so I'm not worried. :) > > > > > > > You shouldn't. > > > > MySQL-3.23 is not vulnerable. > > How did you determine that? > > > Sorry to contradict, but have a look: > [...] > Did I overlook something? No, it's me who overlooked something :-( Sorry for confusion... Anyway, this would be fixed asap. Regards, Sergei -- MySQL Development Team __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Sergei Golubchik / /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/ /_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany <___/