Bug #37360 KILL should be usable by SHUTDOWN/PROCESSLIST privilege combo
Submitted: 12 Jun 2008 9:10
Reporter: Domas Mituzas Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version:5.0, 5.1 OS:Any
Assigned to: CPU Architecture:Any

[12 Jun 2008 9:10] Domas Mituzas
Description:
As SUPER is going towards 'superuser', having KILL as part of it violates 'least privilege' principles. 

KILL should be allowed either for SHUTDOWN users (as they can bring down server anyway), or for combination of SHUTDOWN&PROCESSLIST (as they can already see all threads, and can bring down server anyway). 

That would not require ACL-bypassing SUPER privilege to manage server concurrency. 

How to repeat:
KILL

Suggested fix:
allow KILL to be used by SHUTDOWN&PROCESSLIST