lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFB=mGDg+UN7=w7Ve1BC8cXQXRHuzYgBdufUJKj6y5-Tp=Fmqw@mail.gmail.com> Date: Mon, 3 Dec 2012 16:52:55 +0100 From: king cope <isowarez.isowarez.isowarez@...glemail.com> To: oss-security@...ts.openwall.com, Kurt Seifried <kseifried@...hat.com>, king cope <isowarez.isowarez.isowarez@...glemail.com>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, todd@...ketstormsecurity.org, submit@...sec.com, Mitre CVE assign department <cve-assign@...re.org>, Steven Christey <coley@...re.org>, security@...iadb.org, security@...ql.com, Ritwik Ghoshal <ritwik.ghoshal@...cle.com>, moderators@...db.org Subject: Re: [oss-security] Re: MySQL (Linux) Stack based buffer overrun PoC Zeroday Yes you are way right. Don't patch it! 2012/12/3 Sergei Golubchik <serg@...monty.org>: > Hi, king cope! > > On Dec 02, king cope wrote: >> Hi, >> My opinion is that the FILE to admin privilege elevation should be >> patched. What is the reason to have FILE and ADMIN privileges >> seperated when with this exploit FILE privileges equate to ALL ADMIN >> privileges. >> I understand that it's insecure to have FILE privileges attached to a >> user. But if this a configuration issue and not a vulnerability then >> as stated above there must be something wrong with the privilege >> management in this SQL server. > > You've missed that part of my reply: > >> > Additionally, MySQL (and MariaDB) provides a --secure-file-priv >> > option that allows to restrict all FILE operations to a specific >> > directory. > > Normally, if a DBA wants to grant FILE privilege to users, the server > will have something like secure-file-priv=/tmp/mysql (for example) > specified in the configuration file. This way any operation allowed by > the FILE privilege (like SELECT ... OUTFILE) will only be able to access > files under the /tmp/mysql/ path. > > Regards, > Sergei > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists