| Bug #20181 | A user who is granted any global priv is able to SHOW DB's | ||
|---|---|---|---|
| Submitted: | 31 May 2006 22:50 | Modified: | 26 Jun 2006 10:35 |
| Reporter: | Erica Moss | Email Updates: | |
| Status: | Not a Bug | Impact on me: | |
| Category: | MySQL Server | Severity: | S1 (Critical) |
| Version: | WIN -5.0.21 LIN 5.0.22 | OS: | Windows (win32 - XP SP2, Fedora core 5) |
| Assigned to: | Tatiana Azundris Nuernberg | CPU Architecture: | Any |
[26 Jun 2006 10:35]
Sergei Golubchik
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://dev.mysql.com/doc/ and the instructions on how to report a bug at http://bugs.mysql.com/how-to-report.php See http://dev.mysql.com/doc/refman/5.0/en/privileges-provided.html and in particular this paragraph: The SHOW DATABASES privilege allows the account to see database names by issuing the SHOW DATABASE statement. Accounts that do not have this privilege see only databases for which they have some privileges, and cannot use the statement at all if the server was started with the --skip-show-database option. Note that any global privilege is a privilege for the database.
Description: According to the manual the SHOW DATABASES priv is required to get a return of all existing databases when the statement of the same name is executed. Currently granting any user, any global priv will allow that user to see all DB's. The small mysql-test-run script below illustrates this for the most basic case of USAGE WITH GRANT OPTION, however I tried it with a number of *.* privs such as RELOAD, and SHUTDOWN, and the result is the same. An argument could be made that SHOW DATABASES should be an implicit grant when you have certain other global privs such as DROP on *.*. If you can drop a DB why couldn't you show it? However I don't think the same could be said for the case of USAGE WITH GRANT OPTION. How to repeat: # CODE connect (root, localhost, root,,); GRANT usage ON *.* TO 'me'@'localhost' IDENTIFIED BY 'me'; connect (me,localhost, me, me,); SELECT CURRENT_USER(); --echo** This works as expected **; SHOW DATABASES; connection root; GRANT GRANT OPTION ON *.* TO 'me'@'localhost'; #disconnect user 'me' so new global priv takes effect disconnect me; connect (me, localhost, me,me,); --echo --echo ** But this shouldn't be possible ** SHOW DATABASES; --echo SHOW GRANTS; connection root; REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'me'@'localhost'; DROP USER 'me'@'localhost'; # OUTPUT GRANT usage ON *.* TO 'me'@'localhost' IDENTIFIED BY 'me'; SELECT CURRENT_USER(); CURRENT_USER() me@localhost SHOW DATABASES; Database information_schema test GRANT GRANT OPTION ON *.* TO 'me'@'localhost'; ** But this shouldn't be possible ** SHOW DATABASES; Database information_schema mysql test SHOW GRANTS; Grants for me@localhost GRANT USAGE ON *.* TO 'me'@'localhost' IDENTIFIED BY PASSWORD '*363DEFBA9260F526CC56DEE2DF67578A9B8387A5' WITH GRANT OPTION REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'me'@'localhost'; DROP USER 'me'@'localhost';