Bug #17139 Partitions: unprivileged user can effectively drop table
Submitted: 5 Feb 2006 18:15 Modified: 16 Apr 2006 14:06
Reporter: Peter Gulutzan Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Partitions Severity:S3 (Non-critical)
Version:5.1.7-beta-debug OS:Linux (SUSE 10.0)
Assigned to: Jim Winstead CPU Architecture:Any

[5 Feb 2006 18:15] Peter Gulutzan
Description:
I give ALTER privilege, and no other privilege, to user karlo.
Now karlo can delete all rows in the table, or drop all
partitions in the table, provided he adds one empty
partition. In effect, I have given karlo DROP privilege
on the table, which is surely not the intent.

How to repeat:
As user root, say:

mysql> create table txp (s1 int) partition by list (s1) (partition p1 values in (1));
Query OK, 0 rows affected (0.00 sec)

mysql> insert into txp values (1);
Query OK, 1 row affected (0.00 sec)

mysql> grant alter on txp to karlo@localhost;
Query OK, 0 rows affected (0.00 sec)

As user karlo@localhost, say:

mysql> select * from txp;
ERROR 1142 (42000): SELECT command denied to user 'karlo'@'localhost' for table 'txp'
mysql> delete from txp;
ERROR 1142 (42000): DELETE command denied to user 'karlo'@'localhost' for table 'txp'
mysql> drop table txp;
ERROR 1142 (42000): DROP command denied to user 'karlo'@'localhost' for table 'txp'
mysql> alter table txp add partition (partition p2 values in (2));
Query OK, 0 rows affected (0.03 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> alter table txp drop partition p1;
Query OK, 0 rows affected (0.02 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> alter table txp add partition (partition p1 values in (1));
Query OK, 0 rows affected (0.03 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> alter table txp drop partition p2;
Query OK, 0 rows affected (0.02 sec)
Records: 0  Duplicates: 0  Warnings: 0
[6 Feb 2006 0:58] Miguel Solorzano
Thank you for the bug report.
[7 Mar 2006 20:30] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/3556
[7 Mar 2006 20:38] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/3557
[12 Apr 2006 3:10] Jim Winstead
Fixed in 5.1.10.
[16 Apr 2006 14:06] Jon Stephens
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Documented feature change in 5.1.10 changelog, and in Partitioning and Database Administration chapters of 5.1 Manual. Closed.
[4 May 2006 18:01] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/5969
[4 May 2006 18:17] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/5972
[4 May 2006 18:27] Sergey Petrunya
Please ignore the last two commits, they are for another bug.