Bug #20181 A user who is granted any global priv is able to SHOW DB's
Submitted: 31 May 2006 22:50 Modified: 26 Jun 2006 10:35
Reporter: Erica Moss Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:WIN -5.0.21 LIN 5.0.22 OS:Microsoft Windows (win32 - XP SP2, Fedora core 5)
Assigned to: Tatiana Azundris Nuernberg CPU Architecture:Any

[31 May 2006 22:50] Erica Moss
Description:
According to the manual the SHOW DATABASES priv is required to get a return of all existing databases when the statement of the same name is executed.

Currently granting any user, any global priv will allow that user to see all DB's.
The small mysql-test-run script below illustrates this for the most basic case of USAGE WITH GRANT OPTION, however I tried it with a number of *.*  privs such as RELOAD, and SHUTDOWN, and the result is the same.

An argument could be made that SHOW DATABASES should be an implicit grant when you have certain other global privs such as DROP on *.*.  If you can drop a DB why couldn't you show it?

However I don't think the same could be said for the case of USAGE WITH GRANT OPTION.

How to repeat:
# CODE
connect (root, localhost, root,,);
GRANT usage ON *.*  TO 'me'@'localhost'
        IDENTIFIED BY 'me';

connect (me,localhost, me, me,);
SELECT CURRENT_USER();
--echo** This works as expected **;
SHOW DATABASES;

connection root;
GRANT GRANT OPTION ON *.* TO 'me'@'localhost';

#disconnect user 'me' so new global priv takes effect
disconnect me;

connect (me, localhost, me,me,);
--echo
--echo ** But this shouldn't be possible **
SHOW DATABASES;
--echo
SHOW GRANTS;

connection root;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'me'@'localhost';
DROP USER 'me'@'localhost';

# OUTPUT
GRANT usage ON *.*  TO 'me'@'localhost'
        IDENTIFIED BY 'me';
SELECT CURRENT_USER();
CURRENT_USER()
me@localhost
SHOW DATABASES;
Database
information_schema
test
GRANT GRANT OPTION ON *.* TO 'me'@'localhost';

** But this shouldn't be possible **
SHOW DATABASES;
Database
information_schema
mysql
test

SHOW GRANTS;
Grants for me@localhost
GRANT USAGE ON *.* TO 'me'@'localhost' IDENTIFIED BY PASSWORD '*363DEFBA9260F526CC56DEE2DF67578A9B8387A5' WITH GRANT OPTION
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'me'@'localhost';
DROP USER 'me'@'localhost';
[26 Jun 2006 10:35] Sergei Golubchik
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://dev.mysql.com/doc/ and the instructions on how to report a bug at http://bugs.mysql.com/how-to-report.php

See http://dev.mysql.com/doc/refman/5.0/en/privileges-provided.html
and in particular this paragraph:

The SHOW DATABASES privilege allows the account to see database names by issuing the SHOW DATABASE statement. Accounts that do not have this privilege see only databases for which they have some privileges, and cannot use the statement at all if the server was started with the --skip-show-database  option. Note that any global privilege is a privilege for the database.