[MDEV-29834] GRANT OPTION allows to see databases Created: 2022-10-20 Updated: 2022-10-20 Resolved: 2022-10-20 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Authentication and Privilege System |
| Affects Version/s: | 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Major |
| Reporter: | Sergei Golubchik | Assignee: | Sergei Golubchik |
| Resolution: | Not a Bug | Votes: | 0 |
| Labels: | None | ||
| Description |
|
to see a database, for example, in SHOW DATABASES a user must have at least some privilege on that database. GRANT OPTION is enough:
allows to see all databases. As GRANT OPTION is not a real privilege, perhaps it shouldn't allow to see databases? MySQL Bug#25203933, fixed in 5.7.40 and in 8.0.17 |
| Comments |
| Comment by Sergei Golubchik [ 2022-10-20 ] | ||
|
No. In MySQL (before those mentioned versions) and in MariaDB GRANT OPTION is a real privilege. This is non-standard, indeed, in the standard GRANT OPTION is not a privilege, but a property of a granted privilege. For example, after
in MySQL and MariaDB the user will have three privileges on the database foo — SELECT, INSERT, and GRANT. And will be able to grant them to other users. In the standard the user will have two privileges, SELECT and INSERT, and the user will be able to grant SELECT, but not INSERT. It would be great to change the semantics of GRANT OPTION to follow the standard, although it'll be a huge break in compatibility. But until this is done, GRANT OPTION is a normal privilege and must behave as any other normal privilege. Without hard-coded special behavior that makes it a normal privilege except in SHOW DATABASES (and USE). |