[Problem with security/permissions]

mike . eklund Wed, 07 Mar 2001 08:48:36 -0800
>Description:
        We recently changed T-1 providers at our office location.  To allow office 
access to our remote mysql server 
        we changed the permissions in the server for our new office ips using an 
update and a flush privileges.  
        Unfortunately we changed the user table but not the db table.  This left a 
mismatch in the user and db tables.
        One would expect that we would be able to connect from the office, but not 
use, but this was not the case we could
        in some circumstances use the database.  Further, at times other remote 
servers, that had nothing to do with the 
        changes, would have their lose their ability to use the database.
>How-To-Repeat:
        I can be contacted for a backup copy of the mysql database that caused this 
problem.
>Fix:
        Fix the user and db table so that they match, but this is only a workaround.  
This is a security flaw that must be
        addressed.
>Submitter-Id:  <submitter ID>
>Originator:    Mike Eklund     
>Organization:  Netmechanic, Inc. (formally Monte Sano Software, LLC)
>MySQL support: [licence number 2798 ]
>Synopsis:      security/permission problem
>Severity:      serious 
>Priority:      high    
>Category:      mysql
>Class:         sw-bug 
>Release:       mysql-3.23.32 (Official MySQL RPM)

>Environment:
        
System: Linux db1.netmechanic.com 2.2.14-12 #5 SMP Wed May 17 15:44:34 EDT 2000 i686 
unknown
Architecture: i686

Some paths:  /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc /usr/bin/cc
GCC: Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
Compilation info: CC='egcs'  CFLAGS='-O6 -fomit-frame-pointer -mpentium'  CXX='egcs'  
CXXFLAGS='-O6 -fomit-frame-pointer                  -felide-constructors 
-fno-exceptions -fno-rtti -mpentium'  LDFLAGS=''
LIBC: 
lrwxrwxrwx    1 root     root           13 May  5  2000 /lib/libc.so.6 -> libc-2.1.3.so
-rwxr-xr-x    1 root     root      4101324 Feb 29  2000 /lib/libc-2.1.3.so
-rw-r--r--    1 root     root     20272704 Feb 29  2000 /usr/lib/libc.a
-rw-r--r--    1 root     root          178 Feb 29  2000 /usr/lib/libc.so
Configure command: ./configure  --disable-shared --with-mysqld-ldflags=-all-static 
--with-client-ldflags=-all-static --enable-assembler --with-mysqld-user=mysql 
--with-unix-socket-path=/var/lib/mysql/mysql.sock --prefix=/ 
--with-extra-charsets=complex --exec-prefix=/usr --libexecdir=/usr/sbin 
--sysconfdir=/etc --datadir=/usr/share --localstatedir=/var/lib/mysql 
--infodir=/usr/info --includedir=/usr/include --mandir=/usr/man --without-berkeley-db 
'--with-comment=Official MySQL RPM'
Perl: This is perl, version 5.005_03 built for i386-linux

---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
[Problem with security/permissions]

Reply via email to
