Hello

I Cc [EMAIL PROTECTED], maybe my mails really got forgotten.

On Tue, Apr 29, 2003 at 08:35:24PM -0400, Carl Fink wrote:
> > Where did you get the information that said mysql was vulnerable?
> 
> Several places, for one:
> 
>       http://www.linuxsecurity.com/advisories/trustix_advisory-2990.html

Debian woody was vulnerable to this attack. Here are excerpts from mails
that I sent to [EMAIL PROTECTED] on 2003-03-09 and 2003-03-11:

        ...
        The possible impacts are:
        - After a server reload, the daemon then runs as root and the
          user is able to create but NOT overwrite files with always
          exactly these permissions: "-rw-rw-rw- root root"
        - Even without a server reload, the user may introduce (or even
          overwrite, didn't check order) configuration options.
        ...
        Do you think that this is a security problem grave enough to
        fix woody and do a DSA? (I would say yes)
        ...
        An easy fix that might go to woody:
          debian/mysql-server.postinst:
            if [ ! -e /var/lib/mysql/my.cnf ]; then
              echo "# for security reasons" > /var/lib/mysql/my.cnf
            fi

        This way, a faked config file cannot be generated by an attacker, as
        mysql does not overwrite files with "SELECT .. INTO OUTFILE".
        Also, backwards compatibility for admins who have a config there remains.
        ...

Contrary to what was stated in another mail, Debian's config file
permissions in /etc/mysql/ do not affect this exploit, as
/var/lib/mysql was the problem.

> Carl Fink             [EMAIL PROTECTED]
bye,

-christian- (debian maintainer of mysql)
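
An audit-and-seed version of the postinst fix quoted in the mail above, added here as an example; it is not part of the original message or of the Debian package. The function names, the status words and the explicit umask are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and pre-seed my.cnf in a MySQL data directory.
# Function names and status words are hypothetical, chosen for this example.

# Print one of: missing | world-writable | present
check_datadir_cnf() {
    cnf="$1/my.cnf"
    if [ ! -e "$cnf" ]; then
        echo missing          # nothing there yet: the file could still be created
        return 0
    fi
    # The mail gives "-rw-rw-rw-" as the mode of files created through the
    # server, so a world-writable my.cnf deserves a manual review.
    perms=$(ls -ld "$cnf" | cut -c1-10)
    case "$perms" in
        ????????w?) echo world-writable ;;
        *)          echo present ;;
    esac
}

# Same logic as the postinst snippet in the mail: create a placeholder only
# when no file exists, so an admin's own config is left untouched.
# The umask is an addition here so the placeholder is not group/world-writable.
seed_datadir_cnf() {
    cnf="$1/my.cnf"
    if [ ! -e "$cnf" ]; then
        ( umask 022; echo "# for security reasons" > "$cnf" )
    fi
}

# Stand-alone use: sh thisfile.sh /var/lib/mysql
if [ -n "${1:-}" ]; then
    check_datadir_cnf "$1"
fi
```

A `world-writable` result does not prove tampering; it only means the file's mode matches what the mail describes and its contents should be read before the server is reloaded.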
