[Phpmyadmin-devel] Logical error in assessing privileges?
Madhura Jayaratne
madhura.cj at gmail.com
Tue Oct 14 10:34:44 CEST 2014
Hi all,
The following queries are used to assess whether the logged-in user has super,
create user and grant privileges respectively. See [1]
SELECT 1 FROM mysql.user LIMIT 1
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE PRIVILEGE_TYPE = 'CREATE USER' LIMIT 1
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE IS_GRANTABLE = 'YES' LIMIT 1
However, if I create a user with all global privileges except for 'GRANT',
'SUPER', and 'CREATE USER' privileges, all the above queries return 1 since
the queries do not check for the grantee column. Rows corresponding to
root user make all these queries return 1.
This obviously looks like a bug to me. I'm writing to make sure that I'm not
missing out on something obvious.
[1] https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/DatabaseInterface.class.php#L1917
--
Thanks and Regards,
Madhura Jayaratne
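
The behaviour described in the message, as an added example that is not part of the original post or of phpMyAdmin's code: a constructed in-memory SQLite table stands in for INFORMATION_SCHEMA.USER_PRIVILEGES, and the account names, the helper names and the GRANTEE-scoped variant are assumptions for illustration. The mysql.user check is not modelled.

```python
import sqlite3

# Constructed rows modelled on INFORMATION_SCHEMA.USER_PRIVILEGES as seen by an
# account allowed to read every grantee's rows (sample data, not a real server).
ROWS = [
    ("'root'@'localhost'", "SUPER", "YES"),
    ("'root'@'localhost'", "CREATE USER", "YES"),
    ("'root'@'localhost'", "SELECT", "YES"),
    ("'limited'@'localhost'", "SELECT", "NO"),
    ("'limited'@'localhost'", "INSERT", "NO"),
]

CHECKS = {
    "create_user": "PRIVILEGE_TYPE = 'CREATE USER'",
    "grant": "IS_GRANTABLE = 'YES'",
}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USER_PRIVILEGES "
               "(GRANTEE TEXT, PRIVILEGE_TYPE TEXT, IS_GRANTABLE TEXT)")
    db.executemany("INSERT INTO USER_PRIVILEGES VALUES (?, ?, ?)", ROWS)
    return db

def unscoped(db):
    """Checks as quoted in the message: any grantee's row satisfies them."""
    return {name: db.execute(
                "SELECT 1 FROM USER_PRIVILEGES WHERE " + cond + " LIMIT 1"
            ).fetchone() is not None
            for name, cond in CHECKS.items()}

def scoped(db, user, host):
    """Hypothetical variant: only rows of the given account count."""
    # MySQL reports GRANTEE as 'user'@'host', quotes included; this assumes
    # user and host contain no quote characters.
    grantee = "'%s'@'%s'" % (user, host)
    return {name: db.execute(
                "SELECT 1 FROM USER_PRIVILEGES WHERE GRANTEE = ? AND "
                + cond + " LIMIT 1", (grantee,)
            ).fetchone() is not None
            for name, cond in CHECKS.items()}

if __name__ == "__main__":
    db = make_db()
    print("unscoped:", unscoped(db))
    print("limited :", scoped(db, "limited", "localhost"))
    print("root    :", scoped(db, "root", "localhost"))
```
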