Bug #28181 Access denied to 'information_schema when select into out file (regression)
Submitted: 1 May 2007 12:50 Modified: 10 May 2007 17:42
Reporter: Omer Barnir (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S2 (Serious)
Version:5.0.42 OS:Any
Assigned to: Sergey Glukhov

[1 May 2007 12:50] Omer Barnir
Description:
The following query:
SELECT SCHEMA_NAME
  INTO OUTFILE '../tmp/test_out.file'
  FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
  LINES TERMINATED BY '\n'
  FROM information_schema.schemata
  WHERE schema_name LIKE 'db_%';
fails with an 'acess denied' error to 'information_schema'
when run by a regular while the following:
SELECT SCHEMA_NAME
  FROM information_schema.schemata
  WHERE schema_name LIKE 'db_%';
sucesseds.
This was NOT observed with 5.0.40 where both queries are sucessful
(see attached result files)
Note: Adding the 'file' privilege to the user does not change the 
failed outcome in 5,0,42 and is not needed in 5.0.40

How to repeat:
Run the attached test file

Suggested fix:
Not sure why the regression. 
If this change was an attrempt to add the 'file' privilege for the writing
into file action than it is a good thing but it is not working
[1 May 2007 12:53] Omer Barnir
This problem seems to be the same problem reported in 
bug#13202 and bug#13868 and that was fixed in 5.0.15 
and now returned
[1 May 2007 13:03] Omer Barnir
test file showing the problem

Attachment: bug28181.test (application/octet-stream, text), 693 bytes.

[1 May 2007 13:04] Omer Barnir
resukt file in 5.0.40

Attachment: bug28181_5040.result (application/octet-stream, text), 549 bytes.

[1 May 2007 13:05] Omer Barnir
result file in 5.0.42

Attachment: bug28181_5042.result (application/octet-stream, text), 639 bytes.

[3 May 2007 10:24] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/25997

ChangeSet@1.2471, 2007-05-03 15:22:36+05:00, gluh@mysql.com +3 -0
  Bug#28181 Access denied to 'information_schema when select into out file (regression)
  allow select into out file from I_S if user has FILE privilege
  otherwise issue an error.
[4 May 2007 8:37] Alexander Barkov
The patch http://lists.mysql.com/commits/25997 looks ok.
[4 May 2007 9:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/26077

ChangeSet@1.2471, 2007-05-04 14:41:58+05:00, gluh@mysql.com +3 -0
  Bug#28181 Access denied to 'information_schema when select into out file (regression)
  allow select into out file from I_S if user has FILE privilege
  otherwise issue an error
[7 May 2007 18:14] Bugs System
Pushed into 5.1.18-beta
[8 May 2007 0:20] Paul Dubois
Noted in 5.1.18 changelog.

SELECT * INTO OUTFILE ... FROM INFORMATION_SCHEMA.schemata failed
with an Access denied error, even for a user who has the FILE
privilege.

Setting report to Patch Queued pending push into 5.0.x.
[10 May 2007 6:51] Bugs System
Pushed into 5.0.42
[10 May 2007 17:42] Paul Dubois
Noted in 5.0.42 changelog.