On Sun, 29 Mar 1998, Sandu Mihai wrote: > When you use a certain mysql configuration it is possible to create > files on the system as root with rw-rw-rw. > Many MySQL users have included user root from localhost without password > in their config. > So. If on such a system you issue : > mysql -u root test > you not only will have access to the database but you'll be able to > create a file on the system with the root > ownership and rw-rw-rw useing the SELECT .. INTO OUTFILE statement. This is a configuration problem. It can be easily solved by adding a password and/or changing the file_priv column to 'N' for this user in the user table in the mysql database. Nonetheless is advisable for people running mySQL to check their configuration for any users with file_priv that should not have it. Aleph One / aleph1at_private http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:47:21 PDT