Subject: Re: MySQL Running as Ingres
To: Hubert Feyrer <firstname.lastname@example.org>
From: Ty Sarna <email@example.com>
Date: 07/23/1998 11:37:07
Hubert Feyrer wrote:
> On Wed, 22 Jul 1998, Curt Sampson wrote:
> > Does anyone have any objection to me changing the mysql package to
> > run as user ingres, rather than user root? This helps to close some
> > security holes, since database users can be authorised to use the
> > LOAD INFILE command for importing data, which allows that user to
> > read any file that the user the database is running as can read.
> Um, abusing ingres for mysql seems a bit bad. Either use a general
> "database" user (db, whatever), or use a "mysql" login.
I'd have to agree. You can look at AMANDA (misc/amanda, I think) for an
example of a package that creates a user for itself if it doesn't exist.
Also, MySQL should really be split into client and server packages,
rather than having one package that may or may not include the server,