[Phpmyadmin-devel] Logical error in assessing privileges?
Marc Delisle
marc at infomarc.info
Tue Oct 14 14:08:34 CEST 2014
Madhura Jayaratne wrote:
> Hi all,
>
> The following queries are used to assess whether the logged-in user has super,
> create user and grant privileges respectively. See [1].
>
> SELECT 1 FROM mysql.user LIMIT 1
> SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE PRIVILEGE_TYPE = 'CREATE USER' LIMIT 1
> SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE IS_GRANTABLE = 'YES' LIMIT 1
>
> However, if I create a user with all global privileges except for 'GRANT',
> 'SUPER', and 'CREATE USER' privileges, all the above queries return 1 since
> the queries do not check for the grantee column. Rows corresponding to the
> root user make all these queries return 1.
>
> This obviously looks like a bug to me. I'm writing to make sure that I'm not
> missing out on something obvious.
>
> [1] https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/DatabaseInterface.class.php#L1917
Yes, this looks like a bug.
--
Marc Delisle (phpMyAdmin)