Bug #35781 Security advisors give improper advice for correcting users permissions.
Submitted: 2 Apr 2008 23:42 Modified: 18 Dec 2008 16:35
Reporter: Matthew Montgomery Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Enterprise Monitor: Advisors/Rules Severity:S3 (Non-critical)
Version:1.2.0.7879 OS:Any
Assigned to: Assigned Account CPU Architecture:Any
Triage: D4 (Minor) / R1 (None/Negligible) / E2 (Low)

[2 Apr 2008 23:42] Matthew Montgomery
Description:

Advisor: Security - Account Has Strong MySQL Privileges

Problem Description
Certain account privileges can be dangerous and should only be granted to trusted users when necessary. For example, the FILE privilege allows a user to read and write files on the database server (which includes sensitive operating system files), the PROCESS privilege allows currently executing statements to be monitored, and the SHUTDOWN privilege allows a user to shut down the server. In addition, the GRANT privilege allows a user to grant privileges to others.

Advice
Revoke privileges that are not absolutely necessary from account 'user'@'hosts' on server <server:port>.

Recommended Action
REVOKE FILE, PROCESS, SHUTDOWN, GRANT ON *.* FROM 'user'@'host';

The problem is that these permissions are "fine":

root@host [(none)]> show grants for user@'host';
+--------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for user@host |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT PROCESS, REPLICATION CLIENT ON *.* TO 'user'@'host' IDENTIFIED BY PASSWORD '*SANITIZED' |
| GRANT SELECT ON `test`.* TO 'user'@'host' |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

*ALSO*

Advisor: Security - Account Has Global Privileges

Problem Description
A MySQL server may have user accounts with privileges on all databases and tables (*.*). In most cases global privileges should be allowed only for the MySQL root user, and possibly for users that you trust or use for backup purposes. Global privileges such as DROP, ALTER, DELETE, UPDATE, INSERT, and LOCK TABLES may be dangerous as they may cause other users to be affected adversely.

Advice
Revoke all unnecessary global privileges from account 'user'@'host' on host:port, and grant privileges only on the databases, tables and columns required for that user to perform their tasks.

Recommended Action
REVOKE ALL ON *.* FROM 'user'@'host';
GRANT DROP ON dbname.* TO 'user'@'host';

How to repeat:
.

Suggested fix:
It seems more likely that this should read:

Advice
Revoke unnecessary global privileges from account 'user'@'host'
on host:port, perhaps granting them only on the
databases,tables and columns to which these are needed.

Recommended Action
REVOKE ALL ON *.* FROM 'user'@'host';
GRANT privilege_1,...,privilege_n ON dbname.* TO 'user'@'host';

Even better would be an option which allows me to:

- treat this user as an exception for this rule
  - on this instance
  - on this server (all instances)
  - on a group of servers
  - globally