List: General Discussion
From:
Date: March 21 2001 3:39pm
Subject: Re: FW: potential vulnerability of mysqld running with root privileges
This isn't a new bug.  This was mentioned about a year ago.

Besides, this isn't just a mysqld problem - it's a problem that plagues ANY TCP/IP based
daemon.  It's common sys admin sense NOT to run ANY daemon as root unless there is
absolutely, positively NO OTHER WAY to get it to run properly.

Benjamin Pflugmann <philemon@stripped> wrote:
>
> Hi.
> 
> All your arguments are irrelevant regarding my post: Sergei stated
> that MySQL 3.23 would not be vulnerable to the posted exploit and I
> proved it is (respecting the rules given in the exploit). I never
> argued about the impact of the exploit.
> 
> To be true, I am worried about the answers we get. First, I wonder
> about how Sergei was not able to repeat it, when I had no problem. A
> test case showing that it did not work for him would have been nice
> (sorry, Sergei, no harm intended).
> 
> Then you simply "talk away" the harm of this exploit, and ignore what
> was said before. All your arguments may be valid, but have nothing to
> do with the fact that there is an exploitable bug, regardless of how much
> impact it has.
> 
> In fact, until now, nobody from MySQL even officially acknowledged that
> there is a problem, except implicitly by discussing it (on the
> mysql-list I mean... there was an answer on bugtraq).
> 
> I wrote my last mail just because I already confirmed that problem
> with 3.23 after I read bugtraq and therefore knew that Sergei must
> have tested in a different way than me.
> 

--
===========================================================================
"If you put three drops of poison into a 100 percent pure Java, you get - Windows. If you
put a few drops of Java into Windows, you still have Windows."
    -- Sun Microsystems CEO, Scott McNealy
