maria-discuss team mailing list archive
Mailing list archive
Re: Critical Update for CVE-2016-6662
hwo should that be possible from a daemon runnign with a restricted user?
Some distros run mysqld_safe under root which also reads the *.cnf files
(cowered in advisory).
About the CVE-2016-6663 from author:
"The CVE-2016-6663 is not public yet. I refer to it in the advisory to give
some heads up in case someone wanted to discard this issue based on
reasoning that FILE privs are not common and that they will never be pwned
etc. It'll soon be published then it'll be clear what this CVEID is about