Bug #78345 | mysqlrpladmin requires excessive GRANTs and permissions | ||
---|---|---|---|
Submitted: | 5 Sep 2015 22:33 | Modified: | 20 Jan 2016 8:01 |
Reporter: | monty solomon | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Utilities | Severity: | S2 (Serious) |
Version: | 1.5.4, 1.5.6, 1.6.2 | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[5 Sep 2015 22:33]
monty solomon
[7 Sep 2015 3:42]
monty solomon
mysqlrpladmin needs UPDATE on the mysql users table. That provides it with more privilegesand capabilities than the GRANT OPTION.
[20 Jan 2016 8:01]
Andrii Nikitin
Verified as described.
[20 Jan 2016 8:05]
Andrii Nikitin
Posted by developer: Please fix source code to require only necessary permissions, e.g. SELECT INSERT CREATE DROP on mysql schema only. Reflect in documentation any non-obvious privileges requirements.
[22 Aug 2016 19:59]
Chuck Bell
Posted by developer: This bug and others like it are in contrast to some of the design goals of the utilities themselves. The permissions checking code was designed and implemented to provide the broadest possible application to avoid becoming tedious to use (requiring specific, seldom used privileges). That is, while some operations can be performed with specific privileges, we chose to use more frequently used, broader privileges rather than the minimal set. Thus, users unfamiliar with the finer points of MySQL server security can use the utilities with minimal effort. Therefore, the solution for this bug and others like it may not completely satisfy the specifics of the requests herein. Rather, effort shall be made to reduce the confusion and eliminate cases where over privilege is clear as well as clarify the use of those privileges in the documentation. In addition, it is clear that the privilege checking process for mysqlrpladmin is in need of some refactoring for finer grain privilege checking as noted in the bug report. More specifically, there should be a separate check for privileges for each command and its variants (choice of options) rather than a single check for groups of commands. This should help clear up the confusion and remove some of the over privilege requirements.