Security
MySQL Stored Routines are setuid By Default
Mon, 2009-06-15 05:00 — jasonBy default, all views and stored routines in MySQL run with the privileges of the definer, not the invoker. This is equivalent to the setuid bit in Unix.
In the case where you need to provide execute permissions to stored routines (via EXECUTE) to a read-only user, it is possible to inadvertantly give your read-only user the ability to modify data. If the user has access to a stored routine that modifies data, then the user will be able to modify data.
Reflections on Trusting Trust - by Ken Thompson
Mon, 2009-03-09 19:44 — jasonIn 1984 the Communications of the ACM published an article, Reflections on Trusting Trust. Which is an amazing, and disturbing read about software trust.
The article begins with the exercise, "create a program which can replicate itself."
This leads deftly to the idea of modifying a compiler such that every time code is compiled it adds a security vulnerability. The author points out that this kind of problem in a compiler could and would be found rather quickly.
Recent comments
16 hours 22 min ago
1 day 22 hours ago
2 days 7 hours ago
1 week 4 days ago
2 weeks 1 day ago
2 weeks 3 days ago
3 weeks 14 hours ago
3 weeks 14 hours ago
3 weeks 2 days ago
4 weeks 8 hours ago