Bug #29237 | Privilege system inconsistent | ||
---|---|---|---|
Submitted: | 20 Jun 2007 13:51 | Modified: | 25 Jun 2007 9:06 |
Reporter: | Max Mether | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Security: Privileges | Severity: | S3 (Non-critical) |
Version: | 5.1.19, 5.0-BK | OS: | Any |
Assigned to: | Assigned Account | CPU Architecture: | Any |
[20 Jun 2007 13:51]
Max Mether
[20 Jun 2007 17:51]
Valeriy Kravchuk
Thank you for a bug report. What is a bug here is: 1. Inconsistency of GRANT SELECT vs. GRANT ALL PRIVILEGES for individual table. 2. Remaining table-level grants after table dropped. That is: mysql> grant select on test.nonexistant to user1; ERROR 1146 (42S02): Table 'test.nonexistant' doesn't exist mysql> grant all on test.nonexistant to user1; Query OK, 0 rows affected (0.09 sec) mysql> show grants for user1; +-------------------------------------------------------------+ | Grants for user1@% | +-------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'user1'@'%' | | GRANT ALL PRIVILEGES ON `test`.`nonexistant` TO 'user1'@'%' | +-------------------------------------------------------------+ 2 rows in set (0.02 sec) The above is a bug #1, I think, because of inconsistency. mysql> create table test.nonexistant (c1 int); Query OK, 0 rows affected (0.14 sec) mysql> drop table test.nonexistant; Query OK, 0 rows affected (0.03 sec) mysql> show grants for user1; +-------------------------------------------------------------+ | Grants for user1@% | +-------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'user1'@'%' | | GRANT ALL PRIVILEGES ON `test`.`nonexistant` TO 'user1'@'%' | +-------------------------------------------------------------+ 2 rows in set (0.00 sec) And the above is a bug #2, because there is no point in table-level privileges being stored when table is already dropped.
[24 Jun 2007 12:18]
Peter Laursen
I think that 2) has been the case with MySQL since early days (3.23). I thought it was a MySQL 'feature' that a table could be recreated and table-level privileges would 'resurrect', as the 'tables_privileges' table still has an entry.
[25 Jun 2007 8:00]
Max Mether
I would agree with the comment on 2) not beeing a bug. Also note that 2) is the same for all other levels as well (global, db etc).
[25 Jun 2007 8:50]
Peter Laursen
I still thin it would be nice if privileges on any objects were dropped when the object itself is dropped. And I also think that privileges on 'lower level' (ex: table) should be dropped if the same privilege is created on 'higher level (ex: database). I can imagine different scenarios where a user is given a privilege by mistake that he should not due to this 'non-intelligent' privilege handling in MySQL.
[25 Jun 2007 9:06]
Max Mether
I can think of cases where removing the privileges would not be very good. The easiest example would be a corrupt table. The table is corrupt, so it needs to be deleted and restored. While doing this all users would loose their privileges to that table if the privileges were removed while dropping the table. So I think that it should be ok to have privileges on non-existing objects. IMHO the best case againts this is when you rename objects, be it tables, dbs or whatever. Logicillay the privileges should follow. However I think it's easier to be aware of this deficiency than the above one. In all cases 1) is a bug that should be fixed.
[8 Aug 2007 11:31]
Konstantin Osipov
Valeriy's second observation about "no point of keeping grants on an object after an object has been dropped" is invalid, at best it should be documented. Only inconsistency will be addressed in the server.
[29 Jan 2008 19:52]
Peter Laursen
i accept that it is 'not a bug' that upper-level and lower-level privileges exist simutaneously. Still I request a utility to 'clean up' * 'orphaned' privleges (privileges to an object that does not exist any more) * 'redundant' privileges (privileges existing on a lower level when a identical privlege exist on a upper level) * 'empty' privileges (for instance if 1) a row in `proc_priv` column of the `mysql`.`procs.priv`table contains an empty string or 2) the `mysql`.`user` table contains a row with "N" for all privileges available). .. and I think that should be implemented in the server itself! Is this a new 'feature request' ?