[Phpmyadmin-devel] Logical error in assessing privileges?

Chirayu Chiripal chirayu.chiripal at gmail.com
Tue Oct 14 14:40:16 CEST 2014


Hi all,

On Tue, Oct 14, 2014 at 2:04 PM, Madhura Jayaratne <madhura.cj at gmail.com>
wrote:

> Hi all,
>
> The following queries are used to assess whether the logged in user has super,
> create user and grant privileges respectively. See [1]
>
> SELECT 1 FROM mysql.user LIMIT 1
>

This is used to see if the user is a phpMyAdmin superuser, and for phpMyAdmin the
superuser is the user having read access to `mysql.user`.


> SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE PRIVILEGE_TYPE =
> 'CREATE USER' LIMIT 1
>
> SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES WHERE IS_GRANTABLE = 'YES'
> LIMIT 1
>
>
> However, if I create a user with all global privileges except for 'GRANT',
> 'SUPER', and 'CREATE USER' privileges, all the above queries return 1 since
> the queries do not check the grantee column. Rows corresponding to the
> root user make all these queries return 1.
>

Similarly, USER_PRIVILEGES tells about the global privileges of the currently
logged in user. Even if the user does not have the global GRANT privilege, he can
still grant privileges to users (those privileges which he has), so he is
kind of a GRANT user for phpMyAdmin.

I don't know why, but I created a user similar to the one you created, and
that new user can still create more users.


> This obviously looks like a bug to me. I'm writing to make sure that I'm not
> missing out on something obvious.
>

Correct me if I am wrong anywhere. I am doing some more research on it.


>
> [1]
> https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/DatabaseInterface.class.php#L1917
>
>
> --
> Thanks and Regards,
>
> Madhura Jayaratne
>


-- 
Regards,
Chirayu Chiripal
https://chirayuchiripal.wordpress.com/
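As an added illustration (not code from this thread or from phpMyAdmin), the two USER_PRIVILEGES checks discussed above, first as quoted and then restricted to the connected account's own rows. It assumes a MySQL server where GRANTEE is stored in the quoted form 'user'@'host' and the account name itself contains no '@'.

```sql
-- Added illustration; not code from the thread or from phpMyAdmin.
-- Assumption: GRANTEE holds 'user'@'host' (single quotes included) and
-- the connected account's user name contains no '@'.

-- 1. Build the GRANTEE string for the connected account.
--    CURRENT_USER() returns e.g. root@localhost; GRANTEE holds 'root'@'localhost'.
SET @me := CONCAT('''', REPLACE(CURRENT_USER(), '@', '''@'''), '''');

-- 2. The checks as quoted above. Any row visible in the table satisfies
--    them, so an account that can read the mysql grant tables (and hence
--    sees every account's rows here) passes both checks via root's rows.
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES
 WHERE PRIVILEGE_TYPE = 'CREATE USER' LIMIT 1;
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES
 WHERE IS_GRANTABLE = 'YES' LIMIT 1;

-- 3. The same checks restricted to the connected account's own rows.
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES
 WHERE GRANTEE = @me AND PRIVILEGE_TYPE = 'CREATE USER' LIMIT 1;
SELECT 1 FROM INFORMATION_SCHEMA.USER_PRIVILEGES
 WHERE GRANTEE = @me AND IS_GRANTABLE = 'YES' LIMIT 1;

-- 4. Verification view: which accounts' rows the unfiltered checks
--    would have matched, with the connected account's rows listed first.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM INFORMATION_SCHEMA.USER_PRIVILEGES
 WHERE PRIVILEGE_TYPE = 'CREATE USER' OR IS_GRANTABLE = 'YES'
 ORDER BY GRANTEE = @me DESC, GRANTEE;
```

Run step 4 as the test account described in the thread to see root's rows appear below your own, which is exactly what the unfiltered queries in step 2 match.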