Bug #39852 bug in mysql_setpermission
Submitted: 4 Oct 2008 8:46 Modified: 13 May 2009 1:52
Reporter: Sebastien Martin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:1.4, 4.1, 5.0, 5.1, 6.0 -bzr OS:Linux (debian)
Assigned to: Staale Smedseng CPU Architecture:Any
Triage: Triaged: D2 (Serious)

[4 Oct 2008 8:46] Sebastien Martin
Description:
the option 7:
Remove all privileges for for an existing database
Is not doing the right grant:

$sth = $dbh->do("REVOKE ALL ON *.* FROM \'$user\'\@\'$host\'") || die $dbh->errstr;

*.* is modifying the user privileges

How to repeat:
1.
mysql_setpermission
option: 7
base name: test
username: user
host: hostname
no
yes

2.
Look at privileges for user on base: test.

Suggested fix:
It should be:

$sth = $dbh->do("REVOKE ALL ON $db.* FROM \'$user\'\@\'$host\'") || die $dbh->errstr;

Where $db is the database that the user entered.
[4 Oct 2008 8:56] Sebastien Martin
category was wrong
[6 Oct 2008 5:25] Sveta Smirnova
Thank you for the report.

Verified as described.
[31 Mar 2009 10:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/70882

2840 Staale Smedseng	2009-03-31
      Bug #39852 bug in mysql_setpermission
      
      mysql_setpermission is modified to honor the $db 
      variable as suggested when doing a REVOKE ALL for 
      menu option 7.
[5 May 2009 19:37] Bugs System
Pushed into 5.1.35 (revid:davi.arnaut@sun.com-20090505190206-9xmh7dlc6kom8exp) (version source revid:davi.arnaut@sun.com-20090505190206-9xmh7dlc6kom8exp) (merge vers: 5.1.35) (pib:6)
[6 May 2009 14:09] Bugs System
Pushed into 6.0.12-alpha (revid:svoj@sun.com-20090506125450-yokcmvqf2g7jhujq) (version source revid:staale.smedseng@sun.com-20090331121241-tzkzhqaxwfgcdux0) (merge vers: 6.0.11-alpha) (pib:6)
[13 May 2009 1:52] Paul Dubois
Noted in 5.1.35, 6.0.12 changelogs.

The mysql_setpermission operation for removing database privileges
removed global privileges instead.
[15 Jun 2009 8:24] Bugs System
Pushed into 5.1.35-ndb-6.3.26 (revid:jonas@mysql.com-20090615074202-0r5r2jmi83tww6sf) (version source revid:jonas@mysql.com-20090615070837-9pccutgc7repvb4d) (merge vers: 5.1.35-ndb-6.3.26) (pib:6)
[15 Jun 2009 9:04] Bugs System
Pushed into 5.1.35-ndb-7.0.7 (revid:jonas@mysql.com-20090615074335-9hcltksp5cu5fucn) (version source revid:jonas@mysql.com-20090615072714-rmfkvrbbipd9r32c) (merge vers: 5.1.35-ndb-7.0.7) (pib:6)
[15 Jun 2009 9:44] Bugs System
Pushed into 5.1.35-ndb-6.2.19 (revid:jonas@mysql.com-20090615061520-sq7ds4yw299ggugm) (version source revid:jonas@mysql.com-20090615054654-ebgpz7elwu1xj36j) (merge vers: 5.1.35-ndb-6.2.19) (pib:6)