Bug #7214 information_schema: unauthorized user can see metadata
Submitted: 13 Dec 2004 1:19
Modified: 7 Apr 2005 2:08
Reporter: Peter Gulutzan
Status: Closed
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.0.3-alpha-debug
OS: Linux (SUSE 9.2)
Assigned to: Sergei Glukhov
CPU Architecture: Any

[13 Dec 2004 1:19] Peter Gulutzan
Description:
If a user has no privileges at all for an object, the user 
should be unable to see the information_schema row that 
describes the object. But a user with no privileges on any 
routine can see information_schema.routines rows, and 
a user with a privilege on only one column can see all 
columns in information_schema.columns. 
 
I am aware that "describe table_name" would show all columns 
anyway. 
 

How to repeat:
/* As user 'root', set up table and grant select privilege on one column to user 'piotr' */ 
 
mysql> create table tb (s1 int, s2 int, s3 int) engine=memory; 
Query OK, 0 rows affected (0.01 sec) 
 
mysql> grant select on tb (s2) to piotr; 
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that 
corresponds to your MySQL server version for the right syntax to use near '(s2) to piotr' at 
line 1 
mysql> grant select (s2) on tb to piotr; 
Query OK, 0 rows affected (0.00 sec) 
 
/* now switch to being user 'piotr' and select the columns in table. all are visible. */ 
/* (I have assumed that the database is 'db5'. Replace with whatever database contains table 
tb.) */ 
 
mysql> select current_user; 
+--------------+ 
| current_user | 
+--------------+ 
| piotr@%      | 
+--------------+ 
1 row in set (0.00 sec) 
 
mysql> select s2 from db5.tb; 
Empty set (0.00 sec) 
 
mysql> select s1, s3 from db5.tb; 
ERROR 1143 (42000): SELECT command denied to user 'piotr'@'localhost' for column 's1' in 
table 'tb' 
mysql> select table_name, column_name from information_schema.columns 
    -> where table_schema = 'db5' and table_name = 'tb'; 
+------------+-------------+ 
| table_name | column_name | 
+------------+-------------+ 
| tb         | s1          | 
| tb         | s2          | 
| tb         | s3          | 
+------------+-------------+ 
3 rows in set (0.00 sec)
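
The rule stated in the report (no privilege at all on an object means no information_schema row for it) can be turned into a regression check. The following is an added example, not part of the original report or of the MySQL source. The function names and the SHOW GRANTS lines are constructed; any privilege other than USAGE is assumed to confer visibility, and wildcard schema patterns are not expanded.

```python
import re

# Table, schema and global grants match; routine and proxy grants do not.
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?:TABLE\s+)?"
    r"(?P<schema>`[^`]+`|[\w$]+|\*)\.(?P<table>`[^`]+`|[\w$]+|\*)\s+TO\s",
    re.I)

def granted_scopes(show_grants_lines):
    """Parse SHOW GRANTS lines into (schema, table, column) scopes; '*' = all."""
    scopes = set()
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        schema, table = m["schema"].strip("`"), m["table"].strip("`")
        # Split the privilege list on commas that sit outside "(col, col)".
        for priv in re.split(r",\s*(?![^()]*\))", m["privs"]):
            name, _, cols = priv.partition("(")
            if name.strip().upper() == "USAGE":
                continue  # USAGE is MySQL's "no privileges" marker
            if not cols:
                scopes.add((schema, table, "*"))  # privilege on the whole object
            for col in filter(None, cols.rstrip(") ").split(",")):
                scopes.add((schema, table, col.strip(" `").lower()))
    return scopes

def leaked_columns(visible_rows, show_grants_lines):
    """Rows of (table_schema, table_name, column_name) with no covering grant."""
    scopes = granted_scopes(show_grants_lines)
    def covered(schema, table, column):
        return any(s in ("*", schema) and t in ("*", table)
                   and c in ("*", column.lower()) for s, t, c in scopes)
    return [row for row in visible_rows if not covered(*row)]

# Constructed SHOW GRANTS output for the report's user (assumed format).
PIOTR_GRANTS = [
    "GRANT USAGE ON *.* TO 'piotr'@'%'",
    "GRANT SELECT (s2) ON `db5`.`tb` TO 'piotr'@'%'",
]
# Rows the report shows piotr receiving from information_schema.columns.
ROWS_SEEN = [("db5", "tb", "s1"), ("db5", "tb", "s2"), ("db5", "tb", "s3")]

if __name__ == "__main__":
    for row in leaked_columns(ROWS_SEEN, PIOTR_GRANTS):
        print("visible without any privilege:", ".".join(row))
```

Feed it the rows a restricted account actually receives and that account's own SHOW GRANTS output; an empty result means every visible column is backed by some grant.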
[1 Apr 2005 9:27] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/23556
[4 Apr 2005 10:20] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/23612
[5 Apr 2005 8:24] Alexander Barkov
Ok to push
[5 Apr 2005 10:11] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/23657
[5 Apr 2005 10:14] Sergei Glukhov
Fixed in 5.0.4
[5 Apr 2005 10:51] Sergei Glukhov
Fixed in 5.0.4
[7 Apr 2005 2:08] Paul Dubois
Noted in 5.0.4 changelog.