Bug #138 TRUNCATE TABLE in a database if any privileges are granted on the same db
Submitted: 10 Mar 2003 1:50 Modified: 10 Mar 2003 2:47
Reporter: Indrek Siitan
Status: Closed
Category: MySQL Server    Severity: S1 (Critical)
Version: 4.0    OS: Any (any)
Assigned to: Sergei Golubchik    CPU Architecture: Any

[10 Mar 2003 1:50] Indrek Siitan
Description:
A user with table or column grants on a table is allowed to TRUNCATE any table in the same database.

How to repeat:
bash-2.05# mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 549 to server version: 4.0.10-gamma

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database truncatetest;
Query OK, 1 row affected (0.00 sec)

mysql> use truncatetest;
Database changed
mysql> create table test1 ( id int not null );
Query OK, 0 rows affected (0.00 sec)

mysql> insert into test1 values (1),(2),(3);
Query OK, 3 rows affected (0.00 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql> create table test2 ( id int not null );
Query OK, 0 rows affected (0.00 sec)

mysql> insert into test2 values (1),(2),(3);
Query OK, 3 rows affected (0.01 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql> grant select on truncatetest.test1 to truncatetest@localhost identified by 'xxx';
Query OK, 0 rows affected (0.03 sec)

mysql> Bye

bash-2.05# mysql -utruncatetest -pxxx truncatetest;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 550 to server version: 4.0.10-gamma

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select * from test1;
+----+
| id |
+----+
|  1 |
|  2 |
|  3 |
+----+
3 rows in set (0.00 sec)

mysql> select * from test2;
ERROR 1142: select command denied to user: 'truncatetest@localhost' for table 'test2'

mysql> truncate table test2;
Query OK, 0 rows affected (0.01 sec)

mysql> Bye

bash-2.05# mysql -uroot truncatetest
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 552 to server version: 4.0.10-gamma

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select * from test2;
Empty set (0.00 sec)
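The session above shows the defect but gives a fixed server nothing to be checked against. The following is an added regression check written in mysqltest syntax (`connect`, `connection`, `--error`); it is not the reporter's session and not a test from MySQL's own suite. It assumes a server carrying the fix, a root connection as the default connection, and that no database or account named `truncatetest` exists yet; the database, table and account names are the ones from the report. The expected outcome is that an account holding only `SELECT` on `test1` is refused `TRUNCATE TABLE` on `test2` with error 1142, the same access-denied error it gets for `SELECT`, and that `test2` keeps its three rows.

```sql
# Added regression check for this bug (example, not part of the original
# report or of MySQL's test suite). Assumes: server with the fix, the default
# connection is a privileged (root) account, and nothing named truncatetest
# exists. Comments use '#' because mysqltest treats '--' lines as commands.

--disable_warnings
DROP DATABASE IF EXISTS truncatetest;
--enable_warnings

CREATE DATABASE truncatetest;
USE truncatetest;
CREATE TABLE test1 (id INT NOT NULL);
CREATE TABLE test2 (id INT NOT NULL);
INSERT INTO test1 VALUES (1),(2),(3);
INSERT INTO test2 VALUES (1),(2),(3);

# Table-level grant only: the account gets nothing at the database level,
# which is exactly the situation the report describes.
GRANT SELECT ON truncatetest.test1 TO truncatetest@localhost IDENTIFIED BY 'xxx';

# Open a second connection as the limited account: connect (name,host,user,pass,db)
connect (limited, localhost, truncatetest, xxx, truncatetest);
connection limited;

# Allowed by the explicit table grant.
SELECT * FROM test1;

# Must be denied: SELECT on test2 was never granted (error 1142,
# ER_TABLEACCESS_DENIED_ERROR, as in the report).
--error 1142
SELECT * FROM test2;

# The bug: on an unpatched 4.0.10 this statement succeeded and emptied test2.
# With the fix it must fail with the same access-denied error.
--error 1142
TRUNCATE TABLE test2;

# Confirm from the privileged connection that test2 was not touched.
connection default;
SELECT COUNT(*) AS rows_in_test2 FROM test2;   # expected: 3

# Cleanup. DROP USER does not exist in 4.0, so revoke and delete the
# account row directly, then reload the grant tables.
disconnect limited;
REVOKE SELECT ON truncatetest.test1 FROM truncatetest@localhost;
DELETE FROM mysql.user WHERE User = 'truncatetest' AND Host = 'localhost';
FLUSH PRIVILEGES;
DROP DATABASE truncatetest;
```

The check deliberately asserts only the negative case (a grant on one table must not reach any other table in the database), because the privilege that does authorize `TRUNCATE TABLE` changed across releases: the 4.0 line checks `DELETE` on the target table, and from 5.1.16 onward the statement requires `DROP`. A positive case, if added, should grant whichever of those applies to the server under test, on `test2` specifically, and expect the truncate to succeed only then.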