[Phpmyadmin-devel] Logical error in assessing privileges?
madhura.cj at gmail.com
Tue Oct 14 10:34:44 CEST 2014
Following queries are used to assess whether the logged in user has super,
create user and grant privileges respectively. See 
SELECT 1 FROM mysql.user LIMIT 1
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE PRIVILEGE_TYPE =
'CREATE USER' LIMIT 1
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE IS_GRANTABLE = 'YES'
However, if I create a user with all global privileges except for 'GRANT',
'SUPER', and 'CREATE USER' privileges all the above queries return 1 since
the queries does not check for the grantee column. Rows corresponding to
root user make all these queries return 1.
This obviously looks a bug to me. I'm writing to make sure that I'm not
missing out on something obvious.
Thanks and Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Developers