Description:
The new syntax for CREATE/DROP/ALTER SERVER is available to any user, regardless of the granted privileges.

For example:

GRANT ALL ON  test.* TO guest1 IDENTIFIED BY 'guest';
GRANT SELECT ON  test.* TO guest2 IDENTIFIED BY 'guest';
GRANT USAGE ON  *.* TO guest3 IDENTIFIED BY 'guest';

mysql -u guest1 -pguest test

mysql> create SERVER 's1' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'test', USER 'guest', PASSWORD 'guest', PORT 3307);
Query OK, 1 row affected (0.00 sec)

mysql -u guest2 -pguest test

mysql> alter SERVER 's1'  options (DATABASE 'toast');
Query OK, 1 row affected (0.00 sec)

mysql> drop server s1;
Query OK, 1 row affected (0.01 sec)

mysql> create SERVER 's2' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'test', USER 'guest', PASSWORD 'guest', PORT 3307);
Query OK, 1 row affected (0.00 sec)

mysql -u guest3 -pguest test

mysql> alter SERVER 's2'  options (DATABASE 'toast');
Query OK, 1 row affected (0.00 sec)

mysql> drop server s2;
Query OK, 1 row affected (0.01 sec)

mysql> create SERVER 's3' foreign data wrapper 'mysql' options (HOST '127.0.0.1', DATABASE 'test', USER 'guest', PASSWORD 'guest', PORT 3307);
Query OK, 1 row affected (0.00 sec)

A user with full privileges on a single database can create a server wide server.
Then a user with read-only privileges can create, alter, and drop servers.
An finally, a user with only usage, i.e. with no privileges at all, can
drop,alter and create servers.

How to repeat:
test case to follow

Suggested fix:
CREATE SERVER should require higher privileges than SELECT.
DROP/ALTER SERVER should be allowed to the owner or to users with SUPER privilege.

Yes, user privs should be though of for this. The owner col should be used for this.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/18490

ChangeSet@1.2394, 2007-01-19 14:35:59-08:00, acurtis@xiphis.org +1 -0
  Bug#25671
    "CREATE/DROP/ALTER SERVER should require privileges"
    Instrument check for SUPER privilege
    (we should concider switching to 64bit ACL words to have fine grained ACLs)

test for bug#25671 after fix

Attachment: federated_bug_25671_fixed.tar.gz (application/x-tar, text), 2.00 KiB.

QA_TEST_PASS
Please see the attached test case.
After the fix, server creation,drop, and alter are not allowed for users without the SUPER privilege.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/19818

ChangeSet@1.2432, 2007-02-13 16:21:37-08:00, antony@ppcg5.local +3 -0
  Bug#25671
    "CREATE/ALTER/DROP SERVER should require privileges"
    Add checks for SUPER acl before executing CREATE/ALTER/DROP
    SERVER commands.
    Includes test for bug.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/21840

ChangeSet@1.2477, 2007-03-13 11:58:24-07:00, acurtis@xiphis.org +3 -0
  Bug#25671
    "CREATE/DROP/ALTER SERVER should require privileges"
    Add check for SUPER privilege when executing CREATE/DROP/ALTER SERVER.
    Previously, any user even with only USAGE priv can execute those commands.

OK to push from me. The absolute minimum required comments are present.

Pushed to 5.1-engines repository

Pushed into 5.1.18-beta

Noted in 5.1.18 changelog.

CREATE SERVER, DROP SERVER, and ALTER SERVER did not require any
privileges. Now these statements require the SUPER privilege.

Also updated the CREATE SERVER, DROP SERVER, and ALTER SERVER
sections to note the required privilege.