Bug #35955 Regression: I_S table cause reduced privilege requirements in SELECT.
Submitted: 10 Apr 2008 7:49
Modified: 21 Apr 2008 18:27
Reporter: Kristofer Pettersson
Status: Closed
Category: MySQL Server: Security: Privileges
Severity: S3 (Non-critical)
Version: 6.0
OS: Any
Assigned to: Kristofer Pettersson
CPU Architecture: Any

[10 Apr 2008 7:49] Kristofer Pettersson
Description:
This bug was caused by refactoring to resolve issues related to bug#27145.

In check_table_access:
...
    if (tables->schema_table)
    {
      want_access &= ~SELECT_ACL;
...

The requirements are degraded as the function is iterating over TABLE_LIST objects.

How to repeat:
create database testdb1;
use testdb1;
create table t1 (c1 int);
create table t2 (c2 int);
grant select on testdb1.t1 to mysqluser1@localhost;

--connect (mysqluser1, localhost, mysqluser1, , testdb1)
--error 1142
select * from t2;
--error 1142
select * from t2, information_schema.tables;
select * from information_schema.tables, t2;

Suggested fix:
Reset the requirement want_access to its original value at the beginning of each iteration.
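
Added example (not part of the original report and not MySQL source code): a simplified C model of the loop described above, showing the regressed check next to the suggested fix. The struct, the function names, the SELECT_ACL value and the sample table lists are constructed for illustration; they mirror the three queries under "How to repeat".

```c
#include <stdio.h>
#include <stddef.h>

#define SELECT_ACL 1UL            /* constructed value for this model */

struct table_ref {
    const char   *name;
    int           schema_table;   /* non-zero for INFORMATION_SCHEMA tables */
    unsigned long granted;        /* privileges the user holds on the table */
};

/* Regressed check: want_access is changed in place and never restored, so one
   I_S table strips SELECT_ACL for every table that follows it in the list. */
int check_access_regressed(unsigned long want_access,
                           const struct table_ref *t, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (t[i].schema_table)
            want_access &= ~SELECT_ACL;
        if ((t[i].granted & want_access) != want_access)
            return 1;             /* denied (error 1142 in the report) */
    }
    return 0;                     /* allowed */
}

/* Suggested fix: start every iteration from the original requirement. */
int check_access_fixed(unsigned long orig_want_access,
                       const struct table_ref *t, size_t n) {
    for (size_t i = 0; i < n; i++) {
        unsigned long want_access = orig_want_access;
        if (t[i].schema_table)
            want_access &= ~SELECT_ACL;
        if ((t[i].granted & want_access) != want_access)
            return 1;
    }
    return 0;
}

/* Constructed table lists: the user holds SELECT on t1 only. */
#define T1  { "testdb1.t1", 0, SELECT_ACL }
#define T2  { "testdb1.t2", 0, 0 }
#define I_S { "information_schema.tables", 1, 0 }
const struct table_ref q_t2[]    = { T2 };
const struct table_ref q_t2_is[] = { T2, I_S };
const struct table_ref q_is_t2[] = { I_S, T2 };
const struct table_ref q_is_t1[] = { I_S, T1 };

int main(void) {
    printf("I_S,t2 regressed: %d\n", check_access_regressed(SELECT_ACL, q_is_t2, 2));
    printf("I_S,t2 fixed:     %d\n", check_access_fixed(SELECT_ACL, q_is_t2, 2));
    return 0;
}
```

In this model only the list that places the I_S table before t2 is wrongly allowed, which matches the third query in the reproduction steps being the one without an expected error.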
[10 Apr 2008 8:45] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/45173

ChangeSet@1.2628, 2008-04-10 10:54:17+02:00, thek@adventure.(none) +5 -0
  Bug#35955 Regression: I_S table cause reduced privilege requirements in SELECT.
  
  The privilege requirements were reduced if a table list contained at least
  one information schema table.
   
  The fix is to reset the privilege requirements in check_table_access 
  for each iteration over a TABLE_LIST object.
[20 Apr 2008 13:01] Bugs System
Pushed into 6.0.6-alpha
[21 Apr 2008 18:27] Paul DuBois
Noted in 6.0.6 changelog.

If a SELECT table list contained at least one INFORMATION_SCHEMA
table, the required privileges for accessing the other tables were
reduced.