Description:
When you (as super user) create procedure with wrong user name in definer, you may get different definer, than you specified.
In the example below instead of definer pavel.katiushyn@192.168.120.256 I've got pavel.katiushyn@%.
Same was noticed for view. I did not check for triggers and events.
This may lead to security problems.
How to repeat:
mysql> select user,host from mysql.user where user='pavel.katiushyn';
+-----------------+------+
| user | host |
+-----------------+------+
| pavel.katiushyn | % |
+-----------------+------+
1 row in set (0.00 sec)
mysql> drop procedure if exists ttt;
Query OK, 0 rows affected (0.00 sec)
mysql> delimiter $$
mysql> CREATE DEFINER=`pavel.katiushyn`@`192.168.120.256` PROCEDURE `ttt`()
-> select user(),session_user(), current_user();
-> $$
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> show warnings $$
+-------+------+--------------------------------------------------------------------------------------+
| Level | Code | Message |
+-------+------+--------------------------------------------------------------------------------------+
| Note | 1449 | The user specified as a definer ('pavel.katiushyn'@'192.168.120.256') does not exist |
+-------+------+--------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> delimiter ;
mysql> call ttt();
+---------------------------+---------------------------+-------------------+
| user() | session_user() | current_user() |
+---------------------------+---------------------------+-------------------+
| pavel.katiushyn@localhost | pavel.katiushyn@localhost | pavel.katiushyn@% |
+---------------------------+---------------------------+-------------------+
1 row in set (0.00 sec)
Query OK, 0 rows affected (0.00 sec)