Bug #47419 Privileges on different levels are not summed up
Submitted: 17 Sep 2009 15:23 Modified: 29 Sep 2009 15:06
Reporter: Martin Hansson
Status: Can't repeat
Category: MySQL Server: Security: Privileges
Severity: S3 (Non-critical)
Version: 5.0, 5.1, 5.4
OS: Any
Assigned to: Martin Hansson
CPU Architecture: Any

[17 Sep 2009 15:23] Martin Hansson
Description:
Bug found while discussing Bug#35996:

According to the manual "Use of SHOW CREATE VIEW requires the SHOW VIEW privilege and the SELECT privilege for the view in question."

But in practice this does not work if a user has the SELECT privilege at the table level and the SHOW VIEW privilege at the database level.

As of now, a user whose privileges are granted in such a configuration cannot see a view definition or the view's execution plan, e.g.:

EXPLAIN SELECT * FROM v1;

Moreover, and more seriously, the SELECT privilege at the database level lets a user see the execution plan of a SELECT against a view within that database without having the SHOW VIEW privilege.

How to repeat:
# As root:

CREATE DATABASE mysqltest1;
CREATE DATABASE mysqltest2;

USE mysqltest1;
CREATE TABLE t1 ( a INT );
CREATE VIEW v1 AS SELECT a FROM t1;
GRANT SELECT ON mysqltest1.* TO mysqluser1@localhost;
GRANT SELECT ON mysqltest1.v1 TO mysqluser1@localhost;

USE mysqltest2;
CREATE TABLE t1 ( a INT );
CREATE VIEW v1 AS SELECT a FROM t1;
GRANT SHOW VIEW ON mysqltest2.* TO mysqluser1@localhost;

# As mysqluser1:
USE mysqltest1;
EXPLAIN SELECT * FROM v1; -- should not be allowed

USE mysqltest2;
# Neither should be denied:
EXPLAIN SELECT * FROM v1;
SHOW CREATE VIEW v1;

Suggested fix:
The functions checking privileges on different levels are obviously not communicating enough.
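The behaviour the report expects, as an added example that is not code from the report or from the MySQL server: a small Python model in which the privileges a user holds on an object are the union of what the global, database and table levels grant, and SHOW CREATE VIEW or EXPLAIN on a view requires both SELECT and SHOW VIEW from that union. It replays the report's grants and additionally assumes a table-level SELECT on mysqltest2.v1, the "SELECT at table level, SHOW VIEW at database level" configuration the description names.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set, Tuple


@dataclass
class GrantTables:
    """Constructed model of the grant tables; column-level grants are omitted."""
    global_privs: Dict[str, FrozenSet[str]] = field(default_factory=dict)
    db_privs: Dict[Tuple[str, str], FrozenSet[str]] = field(default_factory=dict)
    table_privs: Dict[Tuple[str, str, str], FrozenSet[str]] = field(default_factory=dict)

    def grant(self, privs: Set[str], user: str, db: str = "*", table: str = "*") -> None:
        """GRANT <privs> ON db.table TO user; '*' selects the wider level."""
        new = frozenset(privs)
        if db == "*":
            self.global_privs[user] = self.global_privs.get(user, frozenset()) | new
        elif table == "*":
            key = (user, db)
            self.db_privs[key] = self.db_privs.get(key, frozenset()) | new
        else:
            key = (user, db, table)
            self.table_privs[key] = self.table_privs.get(key, frozenset()) | new

    def effective(self, user: str, db: str, table: str) -> FrozenSet[str]:
        """Sum the privilege sets of every level that applies to db.table."""
        return (self.global_privs.get(user, frozenset())
                | self.db_privs.get((user, db), frozenset())
                | self.table_privs.get((user, db, table), frozenset()))


def can_show_create_view(tables: GrantTables, user: str, db: str, view: str) -> bool:
    """The manual's rule: SHOW CREATE VIEW (and EXPLAIN on a view) needs both
    SHOW VIEW and SELECT on the view, whichever level grants each of them."""
    return {"SELECT", "SHOW VIEW"} <= tables.effective(user, db, view)


def build_report_scenario() -> Tuple[GrantTables, str]:
    """The grants from the report's 'How to repeat', plus one assumed grant:
    SELECT on mysqltest2.v1, so that mysqltest2 is the table-level SELECT +
    database-level SHOW VIEW case the description talks about."""
    g = GrantTables()
    user = "mysqluser1@localhost"
    g.grant({"SELECT"}, user, "mysqltest1")            # GRANT SELECT ON mysqltest1.*
    g.grant({"SELECT"}, user, "mysqltest1", "v1")      # GRANT SELECT ON mysqltest1.v1
    g.grant({"SHOW VIEW"}, user, "mysqltest2")         # GRANT SHOW VIEW ON mysqltest2.*
    g.grant({"SELECT"}, user, "mysqltest2", "v1")      # assumed, not in the report
    return g, user
```

With these grants the model denies EXPLAIN in mysqltest1 (SELECT only, no SHOW VIEW) and allows SHOW CREATE VIEW in mysqltest2, which is the outcome the report says the server of that era did not produce.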
[29 Sep 2009 15:06] Martin Hansson
This appears to have changed in recent updates.