Benjamin Pflugmann writes:
> Hi.
<cut>
> Of course, that why I was explicitly talking about the fact, that the
> user needs CREATE privileges (FILE privileges are not needed, If I am
> not mistaken).
>
>
>
>
First of all, it is easy to reproduce a test case.
Second, that FILE privilege I was citing is there because of SELECT ..
INTO OUTFILE ... I thought that you would understand that.
Regarding shadow file, I can crack it in 15 minutes, if I had the
interest, but I have no such interests. And I did it only on my own
computer once 4 years ago.
A CGI script that could be talked to executing ln -s ....
That is a bit far fetched.
Any scenario that involves shell access (or funny CGI scripts) or
similar, can not be considered as MySQL security flaw.
Regards,
Sinisa
____ __ _____ _____ ___ == MySQL AB
/*/\*\/\*\ /*/ \*\ /*/ \*\ |*| Sinisa Milivojevic
/*/ /*/ /*/ \*\_ |*| |*||*| mailto:[EMAIL PROTECTED]
/*/ /*/ /*/\*\/*/ \*\|*| |*||*| Larnaca, Cyprus
/*/ /*/ /*/\*\_/*/ \*\_/*/ |*|____
^^^^^^^^^^^^/*/^^^^^^^^^^^\*\^^^^^^^^^^^
/*/ \*\ Developers Team
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
