Bug #10734 Grant of privileges other than 'select' and 'create view' should fail on schema
Submitted: 19 May 2005 10:53 Modified: 15 Sep 2005 18:38
Reporter: Disha Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0.5-beta-nt OS:Microsoft Windows (Windows xp)
Assigned to: Sergei Glukhov CPU Architecture:Any

[19 May 2005 10:53] Disha
Description:
Information_schma database privileges are allowed when loged as user 'root'.

How to repeat:
1. execute the following command.
    delimiter //
    Drop user 'u_6_40402'@'localhost' //
    create user 'u_6_40402'@'localhost'//
    grant all on information_schema.* to 'u_6_40402'@'localhost'//
    grant alter on information_schema.* to 'u_6_40402'@'localhost'//
    grant alter routine on information_schema.* to 'u_6_40402'@'localhost'//
    grant create routine on information_schema.* to 'u_6_40402'@'localhost'//
    grant delete on information_schema.* to 'u_6_40402'@'localhost'//
    grant drop on information_schema.* to 'u_6_40402'@'localhost'//
    grant execute on information_schema.* to 'u_6_40402'@'localhost'//
    grant index on information_schema.* to 'u_6_40402'@'localhost'//
    grant insert on information_schema.* to 'u_6_40402'@'localhost'//
    grant lock tables on information_schema.* to 'u_6_40402'@'localhost'//
    grant references on information_schema.* to 'u_6_40402'@'localhost'//
    grant show view on information_schema.* to 'u_6_40402'@'localhost'//
    grant update on information_schema.* to 'u_6_40402'@'localhost'//
    grant usage on information_schema.* to 'u_6_40402'@'localhost'//
    grant grant option on information_schema.* to 'u_6_40402'@'localhost'//
 
2. Expected Result: It should not allow to grant privileges other than 'select' 
                           and 'create view'

3. Actual Result: It is allowing almost all privileges with some execeptions.
[20 May 2005 7:30] Vasily Kishkin
Could you please explane me why you use "grant" instead of "revoke" ? As far as I can understand you enable all grant privileges to u_6_40402
[28 May 2005 6:19] Vasily Kishkin
Sorry...I did't understand the problem first time. I was not right.
[13 Sep 2005 11:08] Sergei Glukhov
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/29725
[14 Sep 2005 8:33] Sergei Glukhov
Fixed in 5.0.13
[15 Sep 2005 18:38] Paul Dubois
Noted in 5.0.13 changelog.