20 Mar
2003
20 Mar
'03
1:19 p.m.
Hi,
I just upgraded to MySQL 4.0.12. Someone please explain why
a user with CREATE TEMPORARY TABLE
is seen by phpMyAdmin as a superuser
($is_superuser is TRUE, this is because USE MYSQL works!)
And he sees all databases (but no table).
My users got this priv because the had global FILE, I guess.
Marc
20 Mar
20 Mar
1:41 p.m.
On Thu, Mar 20, 2003 at 12:49:00PM -0500, Marc Delisle wrote:
I just upgraded to MySQL 4.0.12. Someone please
explain why
a user with CREATE TEMPORARY TABLE
is seen by phpMyAdmin as a superuser
($is_superuser is TRUE, this is because USE MYSQL works!)
having global CREATE TEMP
TABLE, you can use that on ANY db, hence mysql
treats you as a superuser.
This is actually a glitch in upgrading from 3.23 to 4.0, because of how
the new permission system works. just select all your non super users
and do:
REVOKE CREATE TEMPORARY TABLE, FILE ON *.* FROM <user>
Global privelges are bad, unless you trust the user.
--
Robin Hugh Johnson
E-Mail : robbat2(a)orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
1:55 p.m.
Robin H. Johnson wrote:
On Thu, Mar 20, 2003 at 12:49:00PM -0500, Marc Delisle
wrote:
I agree, however, global FILE is required for LOAD DATA INFILE.
Which makes me think that we should offer another way to load text files,
that emulates LOAD DATA INFILE options but does not rely on FILE priv.
Marc
I just upgraded to MySQL 4.0.12. Someone please
explain why
a user with CREATE TEMPORARY TABLE
is seen by phpMyAdmin as a superuser
($is_superuser is TRUE, this is because USE MYSQL works!)
having global CREATE TEMP TABLE, you can use that on ANY db, hence mysql
treats you as a superuser.
This is actually a glitch in upgrading from 3.23 to 4.0, because of how
the new permission system works. just select all your non super users
and do:
REVOKE CREATE TEMPORARY TABLE, FILE ON *.* FROM <user>
Global privelges are bad, unless you trust the user. 
5:26 p.m.
-----Original Message-----
From: Robin H. Johnson
having global CREATE TEMP TABLE, you can use that on ANY db,
Nope!
CREATE TEMPORARY TABLES is just a flag that manages if a user may use
the TEMPORARY keyword when creating a table.
It does NOT bypass the CREATE privilege which is still required for
creating temporary tables.
When running MySQL's upgrade script, the CREATE TEMPORARY TABLES
privilege is automatically granted to each user because this is actually
the setting in MySQL 3.23.
Alexander M. Turek
<alex(a)bugfixes.info>
+-----------------------------+
| The phpMyAdmin Project |
| http://www.phpmyadmin.net |
| rabus(a)users.sourceforge.net |
+-----------------------------+
| [bugfixes.info] |
| http://www.bugfixes.info |
| rabus(a)bugfixes.info |
+-----------------------------+
21 Mar
21 Mar
2:10 p.m.
Rabus wrote:
-----Original Message-----
From: Robin H. Johnson
Alexander,
so, why can a user do USE MYSQL when he has CREATE TEMPORARY TABLES?
Marc
having global CREATE TEMP TABLE, you can use that
on ANY db,
Nope!
CREATE TEMPORARY TABLES is just a flag that manages if a user may use
the TEMPORARY keyword when creating a table.
It does NOT bypass the CREATE privilege which is still required for
creating temporary tables.
When running MySQL's upgrade script, the CREATE TEMPORARY TABLES
privilege is automatically granted to each user because this is actually
the setting in MySQL 3.23.
Alexander M. Turek
<alex(a)bugfixes.info>
5:09 p.m.
Hi Marc & list,
-----Original Message-----
From: Marc Delisle [mailto:delislma@CollegeSherbrooke.qc.ca]
Alexander,
so, why can a user do USE MYSQL when he has CREATE TEMPORARY TABLES?
Because of a MySQL bug...?
I'm going to report this to MySQL.
Regards,
Alexander M. Turek
<alex(a)bugfixes.info>
+-----------------------------+
| The phpMyAdmin Project |
| http://www.phpmyadmin.net |
| rabus(a)users.sourceforge.net |
+-----------------------------+
| [bugfixes.info] |
| http://www.bugfixes.info |
| rabus(a)bugfixes.info |
+-----------------------------+
7857
days inactive
7858
days old
5 comments
3 participants
participants (3)
-
Marc Delisle -
Rabus -
Robin H. Johnson