Bug #74486 Dangerous grant in rewrite plugin install script
Submitted: 21 Oct 2014 18:55
Modified: 16 Feb 2015 20:37
Reporter: Daniël van Eeden (OCA)
Status: Closed
Category: MySQL Server: Installing
Severity: S3 (Non-critical)
Version: 5.7.5-labs-preview
OS: Any
Assigned to:
CPU Architecture: Any
Tags: grants, rewriter plugin

[21 Oct 2014 18:55] Daniël van Eeden
Description:
File: lib/plugin/install_rewriter_plugin.sql

One piece of the script:
GRANT SELECT ON query_rewrite.rewrite_rules TO root@localhost;
GRANT INSERT ON query_rewrite.rewrite_rules TO root@localhost;
GRANT UPDATE ON query_rewrite.rewrite_rules TO root@localhost;

In MySQL Enterprise Monitor there is an advisor rule which advises you to rename the root account. There are also some security benchmarks which recommend this. I don't think this should be done, but some people might have done this.

If the script is executed with a renamed root account then the root account will be created without a password.

How to repeat:
Rename root@localhost as advised by MEM.
Run the install script for the rewriter plugin.
Run 'SHOW GRANTS FOR root@localhost'.

Suggested fix:
Add "SET SESSION sql_mode='NO_AUTO_CREATE_USER'" to make sure it won't create an account by accident.

Check if "SELECT COUNT(*) FROM mysql.user WHERE User='root' AND Host='localhost'" returns more than 0 rows.

Implement RFE Bug #73802

[21 Oct 2014 18:58] Daniël van Eeden
If root@localhost is used, this should also be used as the definer for the query_rewrite.flush_rewrite_rules procedure (also created with the install script).

[21 Oct 2014 18:59] Daniël van Eeden
Also, the hardcoded ".so" should be made dynamic, as ".dll" will be used on Microsoft Windows.

[22 Oct 2014 14:42] MySQL Verification Team
Hello Daniël,

Thank you for the bug report.

Thanks,
Umesh

[16 Feb 2015 20:37] Erlend Dahl
This has been fixed on the feature tree.
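
The two checks from the suggested fix in the report, combined into a guarded version of the grant step. This is an added example, not the project's install script and not the fix that was applied on the feature tree. It assumes MySQL 5.7 with query_rewrite.rewrite_rules already created; the procedure name grant_rule_access_checked and the variable @saved_sql_mode are hypothetical.

```sql
-- Added example for MySQL 5.7 (NO_AUTO_CREATE_USER is a 5.7 sql_mode value).
-- Run through the mysql client, like the install script itself.

-- 1. Make GRANT fail instead of silently creating a missing account.
SET @saved_sql_mode = @@SESSION.sql_mode;  -- hypothetical variable name
SET SESSION sql_mode =
  CONCAT_WS(',', NULLIF(@@SESSION.sql_mode, ''), 'NO_AUTO_CREATE_USER');

-- 2. Check that the grantee exists before granting anything.
--    The procedure keeps the sql_mode that was active when it was created,
--    so the GRANT inside it also runs with NO_AUTO_CREATE_USER.
DROP PROCEDURE IF EXISTS query_rewrite.grant_rule_access_checked;

DELIMITER //
CREATE PROCEDURE query_rewrite.grant_rule_access_checked()  -- hypothetical name
BEGIN
  DECLARE grantee_count INT DEFAULT 0;

  -- Existence query taken from the report's suggested fix.
  SELECT COUNT(*) INTO grantee_count
    FROM mysql.user
   WHERE User = 'root' AND Host = 'localhost';

  IF grantee_count = 0 THEN
    SIGNAL SQLSTATE '45000'
      SET MESSAGE_TEXT = 'root@localhost does not exist; no grants issued';
  END IF;

  GRANT SELECT, INSERT, UPDATE
     ON query_rewrite.rewrite_rules TO root@localhost;
END//
DELIMITER ;

CALL query_rewrite.grant_rule_access_checked();
DROP PROCEDURE query_rewrite.grant_rule_access_checked;
SET SESSION sql_mode = @saved_sql_mode;

-- 3. Verification step from "How to repeat". On a server where root was
--    renamed, this should now return an error, not a passwordless account.
SHOW GRANTS FOR root@localhost;
```

If the CALL aborts the script, the helper procedure is left behind; the DROP PROCEDURE IF EXISTS at the top clears it on the next run.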