Bug #67086 Mysql.* should be excluded from *.* without SUPER or GRANT OPTION.
Submitted: 4 Oct 2012 18:41
Reporter: Rolf Martin-Hoster Email Updates:
Status: Open Impact on me:
Category:MySQL Server: Security: Privileges Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any

[4 Oct 2012 18:41] Rolf Martin-Hoster
Currently GRANT ALL ON *.* gives access to the mysql database. While least privileged access would dictate that this should never happen, there are cases where it is practical.

How to repeat:
GRANT ALL ON *.* TO 'user';
SELECT * FROM mysql.user

Suggested fix:
Exclude mysql.* from *.* grants without SUPER or GRANT OPTION.