MySQL Bugs: #77309: Definer substitution in routines and views

Bug #77309	Definer substitution in routines and views
Submitted:	11 Jun 2015 8:48	Modified:	17 Jan 2019 22:17
Reporter:	Pavel Katiushyn	Email Updates:
Status:	No Feedback	Impact on me:	None
Category:	MySQL Server: Stored Routines	Severity:	S2 (Serious)
Version:	5.6.16	OS:	Linux (CentOS6.5)
Assigned to:		CPU Architecture:	Any

Description:
When you (as super user) create procedure with wrong user name in definer, you may get different definer, than you specified. 
In the example below instead of definer pavel.katiushyn@192.168.120.256 I've got pavel.katiushyn@%.
Same was noticed for view. I did not check for triggers and events.
This may lead to security problems.

How to repeat:
mysql> select user,host from mysql.user where user='pavel.katiushyn';
+-----------------+------+
| user            | host |
+-----------------+------+
| pavel.katiushyn | %    |
+-----------------+------+
1 row in set (0.00 sec)

mysql> drop procedure if exists ttt;
Query OK, 0 rows affected (0.00 sec)

mysql> delimiter $$
mysql> CREATE DEFINER=`pavel.katiushyn`@`192.168.120.256` PROCEDURE `ttt`()
    -> select user(),session_user(), current_user();
    -> $$
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> show warnings $$
+-------+------+--------------------------------------------------------------------------------------+
| Level | Code | Message                                                                              |
+-------+------+--------------------------------------------------------------------------------------+
| Note  | 1449 | The user specified as a definer ('pavel.katiushyn'@'192.168.120.256') does not exist |
+-------+------+--------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> delimiter ;
mysql> call ttt();
+---------------------------+---------------------------+-------------------+
| user()                    | session_user()            | current_user()    |
+---------------------------+---------------------------+-------------------+
| pavel.katiushyn@localhost | pavel.katiushyn@localhost | pavel.katiushyn@% |
+---------------------------+---------------------------+-------------------+
1 row in set (0.00 sec)

Query OK, 0 rows affected (0.00 sec)

Please check with latest version. Thanks.

No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".