[Phpmyadmin-devel] Logical error in assessing privileges?

Madhura Jayaratne madhura.cj at gmail.com
Tue Oct 14 10:34:44 CEST 2014


Hi all,

The following queries are used to assess whether the logged-in user has super,
create user and grant privileges respectively. See [1]

SELECT 1 FROM mysql.user LIMIT 1
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE PRIVILEGE_TYPE = 'CREATE USER' LIMIT 1
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE IS_GRANTABLE = 'YES' LIMIT 1

However, if I create a user with all global privileges except for 'GRANT',
'SUPER', and 'CREATE USER' privileges, all the above queries return 1 since
the queries do not check for the grantee column. Rows corresponding to
root user make all these queries return 1.

This obviously looks like a bug to me. I'm writing to make sure that I'm not
missing out on something obvious.

[1]
https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/DatabaseInterface.class.php#L1917


-- 
Thanks and Regards,

Madhura Jayaratne
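
An added illustration, not part of the original message or of phpMyAdmin's code: the two USER_PRIVILEGES queries quoted above are run unchanged against a SQLite stand-in for the table, next to a hypothetical variant that adds a GRANTEE condition. The sample rows, the account 'limited'@'localhost' and the helper names are assumptions constructed for this example; the mysql.user query is not modelled.

```python
import sqlite3

# Constructed rows: what an account holding global SELECT could read from
# INFORMATION_SCHEMA.USER_PRIVILEGES (root's rows plus its own).
ROWS = [
    ("'root'@'localhost'", "SUPER", "YES"),
    ("'root'@'localhost'", "CREATE USER", "YES"),
    ("'limited'@'localhost'", "SELECT", "NO"),
    ("'limited'@'localhost'", "INSERT", "NO"),
]

# The two USER_PRIVILEGES queries from the message, unchanged.
QUERIES = {
    "create_user": "SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES "
                   "WHERE PRIVILEGE_TYPE = 'CREATE USER' LIMIT 1",
    "grant": "SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES "
             "WHERE IS_GRANTABLE = 'YES' LIMIT 1",
}


def open_stand_in():
    """In-memory SQLite database attached under the name INFORMATION_SCHEMA."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS INFORMATION_SCHEMA")
    db.execute("CREATE TABLE INFORMATION_SCHEMA.USER_PRIVILEGES "
               "(GRANTEE TEXT, PRIVILEGE_TYPE TEXT, IS_GRANTABLE TEXT)")
    db.executemany(
        "INSERT INTO INFORMATION_SCHEMA.USER_PRIVILEGES VALUES (?, ?, ?)", ROWS)
    return db


def assess(grantee):
    """Return {check: (unscoped_result, grantee_scoped_result)} for one account."""
    db = open_stand_in()
    out = {}
    for name, sql in QUERIES.items():
        # Hypothetical fix: same predicate, restricted to the account's own rows.
        scoped = sql.replace("WHERE", "WHERE GRANTEE = ? AND")
        unscoped_hit = db.execute(sql).fetchone() is not None
        scoped_hit = db.execute(scoped, (grantee,)).fetchone() is not None
        out[name] = (unscoped_hit, scoped_hit)
    db.close()
    return out


if __name__ == "__main__":
    for account in ("'root'@'localhost'", "'limited'@'localhost'"):
        print(account, assess(account))
```

On a real server the GRANTEE column holds the quoted 'user'@'host' form, so the value compared against it has to be built in that form.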