Hi, king cope!

On Dec 02, king cope wrote:
> Hi,
> My opinion is that the FILE to admin privilege elevation should be
> patched. What is the reason to have FILE and ADMIN privileges
> separated when with this exploit FILE privileges equate to ALL ADMIN
> privileges.
> I understand that it's insecure to have FILE privileges attached to a
> user. But if this is a configuration issue and not a vulnerability then
> as stated above there must be something wrong with the privilege
> management in this SQL server.

You've missed that part of my reply:

> > Additionally, MySQL (and MariaDB) provides a --secure-file-priv
> > option that allows to restrict all FILE operations to a specific
> > directory.

Normally, if a DBA wants to grant FILE privilege to users, the server
will have something like secure-file-priv=/tmp/mysql (for example)
specified in the configuration file. This way any operation allowed by
the FILE privilege (like SELECT ... OUTFILE) will only be able to access
files under the /tmp/mysql/ path.

Regards,
Sergei
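
Added example, not part of the original message or of MySQL/MariaDB: a small audit of option-file text that reports whether secure-file-priv is set to a directory in a server group, as the reply above describes. The function names, the list of server groups checked and the sample files are assumptions made for illustration.

```python
SERVER_GROUPS = {"mysqld", "server", "mariadb", "mariadbd"}  # assumed set of groups the server reads


def secure_file_priv_setting(option_file_text):
    """Return the last secure-file-priv value set in a server group, or None if unset."""
    group, value = None, None
    for raw in option_file_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":        # blank line, comment, or !include directive
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip()
            continue
        if group not in SERVER_GROUPS:          # e.g. [client] options do not affect the server
            continue
        name, _, val = line.partition("=")
        # Option names accept dashes and underscores interchangeably.
        if name.strip().lower().replace("_", "-") == "secure-file-priv":
            # Drop a trailing comment and quotes; a later entry overrides an earlier one.
            value = val.split("#")[0].strip().strip("'\"")
    return value


def assess(option_file_text):
    """Classify the setting found in the option-file text."""
    value = secure_file_priv_setting(option_file_text)
    if value is None:
        return "unset: this file does not set it; the server's default applies"
    if value == "":
        return "empty: FILE operations are not confined to a directory"
    return "confined: FILE operations limited to " + value


# Constructed sample option files (not taken from any real server).
CONFINED = """
[client]
port = 3306
[mysqld]
datadir = /var/lib/mysql
secure-file-priv = /tmp/mysql
"""
UNCONFINED = "[mysqld]\nsecure_file_priv =\n"
CLIENT_ONLY = "[client]\nsecure-file-priv=/tmp/mysql\n"

if __name__ == "__main__":
    for sample in (CONFINED, UNCONFINED, CLIENT_ONLY):
        print(assess(sample))
```

A static check like this only sees the file it is given; the value the running server actually uses can be confirmed with `SELECT @@GLOBAL.secure_file_priv;`.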