Bug #30698 require super privileges for show global status & variables
Submitted: 29 Aug 2007 16:26
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version:5.1.21 OS:Any
Assigned to: CPU Architecture:Any
Tags: bfsm_2007_10_18, bfsm_2007_11_01

[29 Aug 2007 16:26] Shane Bester
would be nice to have a startup switch such as --safe-show-statements that denies access to 'show variables' and 'show global status', etc unless a user has super privileges.

How to repeat:
mysql -uuser test
show global variables; # note all the information given, including path names..

Suggested fix:
see attached a patch from Leith.
[24 Oct 2007 9:51] Konstantin Osipov
Our information_schema queries normally silently return only those rows which the user has privileges to see.

Requiring SUPER for what previously did not require this privilege, and introducing another switch to the system to mitigate the introduced incompatibility is a partial approach. One day (if not now already) we may well have global variables and status available publically (e.g. @license)