Description of problem: From bugtraq http://www.securityfocus.com/archive/1/314391/2003-03-08/2003-03-14/0 Hi. I tried this on my own MySQL 3.23.55 !!! I found out that logging as the root user, we can change mysqld to run as root instead that i.e. mysql but this works only if there's just one my.cnf file and it is locate in /etc... Here's how I did it... <snip> Version-Release number of selected component (if applicable): mysql < 3.23.56 How reproducible: Always Steps to Reproduce: 1. see URL for post above 2. 3. Actual results: Expected results: Additional info: Fix: http://www.securityfocus.com/archive/1/314616/2003-03-08/2003-03-14/0 Sergei Golubchik <serg> This issue has been adressed in 3.23.56 (release build is started today), and some steps were taken to alleviate the threat. <snip> listed under RH8.0 but also applies to all others
Assigning to myself. We'll have to wait until MySQL.com releases the 3.23.56 packages. I may just upgrade to this release when enabling thread safe clients.
This is CAN-2003-0150
Held this patch back while MySQL 3.23.56 was being spun. This fix will be available via the errata system.