Bug #29462 Select into outfile from information_schema does not require FILE privilege.
Submitted: 30 Jun 2007 22:42 Modified: 2 Jul 2007 11:59
Reporter: KimSeong Loh (Candidate Quality Contributor) Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server: Information schema Severity:S3 (Non-critical)
Version:5.0.41 OS:Windows
Assigned to: CPU Architecture:Any
Tags: file privileges, information_schema, qc

[30 Jun 2007 22:42] KimSeong Loh 
Description:
SELECT INTO OUTFILE does not require FILE privilege when the selected table is an INFORMATION_SCHEMA table.

The data in the information_schema table should not cause any harm, but user can always select something else instead of the data from the information schema tables as shown in the steps below.

How to repeat:
mysql> show grants for current_user();
+----------------------------------------------+
| Grants for aa@%                              |
+----------------------------------------------+
| GRANT USAGE ON *.* TO 'aa'@'%'               |
| GRANT ALL PRIVILEGES ON `test`.* TO 'aa'@'%' |
+----------------------------------------------+
2 rows in set (0.00 sec)

mysql> select * into outfile 'file1.txt' from information_schema.schemata;
Query OK, 2 rows affected (0.00 sec)

mysql> select * into outfile 'file2.txt' from test.aa;
ERROR 1045 (28000): Access denied for user 'aa'@'%' (using password: NO)

mysql> select 'this is a created contents' into outfile 'file3.txt' from informa
tion_schema.schemata limit 1;
Query OK, 1 row affected (0.00 sec)
[2 Jul 2007 8:55] Valeriy Kravchuk 
Thank you for a problem report. Sorry, but I am not able to repeat the behaviour described with a newer vrsion, 5.0.44:

C:\Program Files\MySQL\MySQL Server 5.0\bin>mysql -uuser1 test -P3308
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.0.44-enterprise-gpl-nt MySQL Enterprise Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show grants for current_user();
+-------------------------------------------------------------+
| Grants for user1@%                                          |
+-------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user1'@'%'                           |
| GRANT ALL PRIVILEGES ON `test`.`nonexistant` TO 'user1'@'%' |
+-------------------------------------------------------------+
2 rows in set (0.03 sec)

mysql> select * from information_schema.schemata;
+--------------+--------------------+----------------------------+--------------
----------+----------+
| CATALOG_NAME | SCHEMA_NAME        | DEFAULT_CHARACTER_SET_NAME | DEFAULT_COLLA
TION_NAME | SQL_PATH |
+--------------+--------------------+----------------------------+--------------
----------+----------+
| NULL         | information_schema | utf8                       | utf8_general_
ci        | NULL     |
| NULL         | test               | latin1                     | latin1_swedis
h_ci      | NULL     |
+--------------+--------------------+----------------------------+--------------
----------+----------+
2 rows in set (0.00 sec)

mysql> select * into outfile 'file1.txt' from information_schema.schemata;
ERROR 1044 (42000): Access denied for user 'user1'@'%' to database 'information_
schema'

Please, check if I missed something.
[2 Jul 2007 11:59] KimSeong Loh 
I retested and not repeatable on 5.0.44 enterprise edition, but problem does exist in 5.0.41 community edition.
[2 Jul 2007 14:51] Valeriy Kravchuk 
So, please, either build from current sources or wait for the next release of Community binaries.