MySQL Bugs: #37360: KILL should be usable by SHUTDOWN/PROCESSLIST privilege combo

Bug #37360	KILL should be usable by SHUTDOWN/PROCESSLIST privilege combo
Submitted:	12 Jun 2008 9:10
Reporter:	Domas Mituzas	Email Updates:
Status:	Verified	Impact on me:	None
Category:	MySQL Server: Security: Privileges	Severity:	S4 (Feature request)
Version:	5.0, 5.1	OS:	Any
Assigned to:		CPU Architecture:	Any

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
As SUPER is going towards 'superuser', having KILL as part of it violates 'least privilege' principles. 

KILL should be allowed either for SHUTDOWN users (as they can bring down server anyway), or for combination of SHUTDOWN&PROCESSLIST (as they can already see all threads, and can bring down server anyway). 

That would not require ACL-bypassing SUPER privilege to manage server concurrency. 

How to repeat:
KILL

Suggested fix:
allow KILL to be used by SHUTDOWN&PROCESSLIST