>Description: Using the GRANT command causes the password to be
deleted until 'FLUSH PRIVILEGES' is executed. This is a security
problem.
>How-To-Repeat:
New 4.1 BINARY install; installed as noted in instructions.
No users except root exist.
Execute MySQL> GRANT SELECT ON bugg.* TO 'cwolf'@'%';
SET PASSWORD FOR 'cwolf'@'%' = PASSWORD('test');
FLUSH PRIVILEGES
SHOW GRANTS FOR 'cwolf';
GRANT USAGE ON *.* TO 'cwolf'@'%' IDENTIFIED BY PASSWORD
'*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29'
GRANT ALL PRIVILEGES ON `test`.* TO 'cwolf'@'%'
GRANT SELECT ON `bugg`.* TO 'cwolf'@'%'
Result: User cwolf can connect and must provide password 'test'.
Execute MySQL> GRANT INSERT ON bugg.* TO 'cwolf'@'%'
Result: User cwolf can now connect WITH NO PASSWORD! and
SHOW GRANTS FOR 'cwolf'@'%' does not show an 'IDENTIFIED BY' clause.
GRANT USAGE ON *.* TO 'cwolf'@'%'
GRANT ALL PRIVILEGES ON `test`.* TO 'cwolf'@'%'
GRANT SELECT, INSERT ON `bugg`.* TO 'cwolf'@'%'
Execute MySQL> FLUSH PRIVILEGES
Result: User cwolf must now use original password to connect, and
SHOW GRANTS FOR 'cwolf'@'%' shows an 'IDENTIFIED BY' clause.
GRANT USAGE ON *.* TO 'cwolf'@'%' IDENTIFIED BY PASSWORD
'*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29'
GRANT ALL PRIVILEGES ON `test`.* TO 'cwolf'@'%'
GRANT SELECT, INSERT ON `bugg`.* TO 'cwolf'@'%'
>Fix:
Unknown.
>Submitter-Id: <submitter ID>
>Originator: Christopher Wolf
>Organization: private
>MySQL support: none
>Synopsis: GRANT removes password until FLUSH
>Severity: serious
>Priority: high
>Category: mysql
>Class: sw-bug
>Release: mysql-4.1.1-alpha-standard (Official MySQL-standard binary)
>C compiler: 2.95.3
>C++ compiler: 2.95.3
>Environment:
System: Linux sdsweb 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686 unknown
Architecture: i686
Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gcc /usr/bin/cc
GCC: Reading specs from /usr/lib/gcc-lib/i386-linux/2.95.4/specs
gcc version 2.95.4 20011002 (Debian prerelease)
Compilation info: CC='gcc' CFLAGS='-O2 -mcpu=pentiumpro' CXX='gcc' CXXFLAGS='-O2
-mcpu=pentiumpro -felide-constructors' LDFLAGS='' ASFLAGS=''
LIBC:
lrwxrwxrwx 1 root root 13 Jul 18 2003 /lib/libc.so.6 -> libc-2.2.5.so
-rwxr-xr-x 1 root root 1153784 Apr 8 2003 /lib/libc-2.2.5.so
-rw-r--r-- 1 root root 2391002 Apr 8 2003 /usr/lib/libc.a
-rw-r--r-- 1 root root 178 Apr 8 2003 /usr/lib/libc.so
Configure command: ./configure '--prefix=/usr/local/mysql'
'--localstatedir=/usr/local/mysql/data' '--libexecdir=/usr/local/mysql/bin'
'--with-comment=Official MySQL-standard binary' '--with-extra-charsets=complex'
'--with-server-suffix=-standard' '--enable-thread-safe-client' '--enable-local-infile'
'--enable-assembler' '--disable-shared' '--with-client-ldflags=-all-static'
'--with-mysqld-ldflags=-all-static' '--with-readline' '--with-embedded-server'
'--with-innodb' 'CFLAGS=-O2 -mcpu=pentiumpro' 'CXXFLAGS=-O2 -mcpu=pentiumpro
-felide-constructors' 'CXX=gcc'
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
