Re: [Full-Disclosure] MySQL and the user "su"

From: Sascha Wolf (swolf_at_x-project.net)
Date: 12/31/04

  • Next message: Luke Macken: "[Full-Disclosure] [ GLSA 200501-08 ] phpGroupWare: Various vulnerabilities" 
    Date: Fri, 31 Dec 2004 19:47:02 +0100
To: full-disclosure@lists.netsys.com

    Dear Tom Crimmins,

    am Freitag, 31. Dezember 2004 um 17:42 schrieben Sie:

    > [snip]
    > I have today determined that I can connect to a local MySQL-server per
    > "mysql -usu". I regard that to error, can that someone confirm?
    > [/snip]

    > This is not an error. You should by default be able to connect with any user
    > from localhost, but you will not have privileges to do anything else. This
    > is because the mysql install by default sets up permissions this way. You
    > could verify this yourself by connecting as root, and executing the
    > following query:

    > SELECT * FROM mysql.user;

    > The row that applies in this case is the one with Host='localhost' and
    > User=''. You can delete this row if you do not want this behavior. You must
    > do a "flush privileges;" after deleting the row.

    > ---
    > Tom Crimmins
    > Interface Specialist
    > Pottawattamie County, Iowa

    Ok one if I the user deletes, I can't no more connection. But for what MySQL puts
    on this user at all, if he is not used?

    I think that is a securitybug to be evaluated. 

    -- 
Mit freundlichen Grüßen
Sascha Wolf
mailto:swolf@x-project.net

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Luke Macken: "[Full-Disclosure] [ GLSA 200501-08 ] phpGroupWare: Various vulnerabilities"

    Relevant Pages

    • Re: Question abou AIP function: GetDiskFreeSpaceEx(...)
      ... The issue is that you are connecting with netbios and the machine's name isn't ... localhost, it is something else. ... Joe Richards Microsoft MVP Windows Server Directory Services ... Jeffrey Meng wrote: ...
      (microsoft.public.win32.programmer.kernel)
    • Re: sendmail cannot send outgoing email due to makeconnection faliure
      ... it can receive mail from outside and send mail from localhost to ... but it cannot send outgoing email (e.g. from root@xxxxxxxxxxxxxx to ... try simply connecting with TELNET to gmail-smtp-in.l.google.com:25? ... If that fails, then you can try connecting to the `submission' port, ...
      (comp.mail.sendmail)
    • fetching to docs using wget
      ... Files are downloading but of 0 size:( ... Am i missing any thing ... Connecting to localhost x.x.x.x... ...
      (perl.beginners)
    • Re: Apache Not Responding When Being Accessed From Outside Local Network
      ... > You can easily test this by connecting to the URL ... > from a browser on that machine. ... Hi there, browsing to localhost works. ... apache would log requests from the outside world, ...
      (comp.unix.solaris)
    • Re: [SLE] Do databases work in OOo?
      ... > Try using the ip number of your local machine instead ... > of localhost. ... > a suspicion that my mysql install doesn't listen on localhost, ... listening, use netstat: ...
      (SuSE)