# Setup CREATE USER sys_user, non_sys_user; CREATE ROLE system_user_role; GRANT SYSTEM_USER ON *.* TO system_user_role; GRANT CONNECTION_ADMIN ON *.* TO non_sys_user; #------------------------------------------------------------------------ # 1. User without SYSTEM_USER privilege cannot kill the connection of # the user who has SYSTEM_USER privilege. #------------------------------------------------------------------------ # non_sys_user should be able to kill as sys_user does not have # SYSTEM_USER privilege. KILL ; # Grant SYSTEM_USER privilege to sys_user and then try to kill its # session through non_sys_user. GRANT SYSTEM_USER ON *.* TO sys_user; KILL ; ERROR HY000: You are not owner of thread # Existing connection of sys_user cannot be killed by non_sys_user user # even after revoking the SYSTEM_USER privilege from former. REVOKE SYSTEM_USER ON *.* FROM sys_user; KILL ; ERROR HY000: You are not owner of thread # New connection of sys_user can be killed by non_sys_user user # after revoking the SYSTEM_USER privilege from former. KILL ; #------------------------------------------------------------------------ # 2. Grant SYSTEM_USER privilege to non_sys_user and try to kill the # connection of the sys_user who already had SYSTEM_USER privilege #------------------------------------------------------------------------ GRANT SYSTEM_USER ON *.* TO sys_user,non_sys_user; # Must fail; Since THD::is_susytem_user of the existing session is not # updated about the SYSTEM_USER privilege granted KILL ; ERROR HY000: You are not owner of thread # Must be able to kill since the THD of new connection would know that # it has SYSTEM_USER privilege KILL ; REVOKE SYSTEM_USER ON *.* FROM non_sys_user, sys_user; #------------------------------------------------------------------------ # 3. Grant SYSTEM_USER privilege through roles #------------------------------------------------------------------------ GRANT system_user_role TO sys_user; SET ROLE system_user_role; # Must fail. non_sys_user does not have SYSTEM_USER privilege while the # sys_user has activated that privilege through role. KILL ; ERROR HY000: You are not owner of thread GRANT system_user_role TO non_sys_user; # Must fail. non_sys_user has desired role but latter is not yet # activated. KILL ; ERROR HY000: You are not owner of thread # Must work. non_sys_user gets the SYSTEM_USER privilege through roles # activation. SET ROLE system_user_role; KILL ; SET ROLE system_user_role; SET ROLE NONE; # Must fail. non_sys_user has deactivated all roles. KILL ; ERROR HY000: You are not owner of thread SET ROLE system_user_role; SET ROLE ALL EXCEPT system_user_role; # Must fail. non_sys_user has all roles activated except the one that # activates the SYSTEM_USER privilege KILL ; ERROR HY000: You are not owner of thread SET ROLE ALL; # Must Work. non_sys_user has all roles activated. KILL ; REVOKE system_user_role FROM non_sys_user; GRANT SELECT ON test.* TO sys_user; #------------------------------------------------------------------------ # 4. Grant SYSTEM_USER privilege through default roles #------------------------------------------------------------------------ SET DEFAULT ROLE system_user_role TO sys_user; # Must fail. non_sys_user does not have the SYSTEM_USER privilege KILL ; ERROR HY000: You are not owner of thread GRANT SYSTEM_USER ON *.* TO non_sys_user; # Must fail. non_sys_user is granted the SYSTEM_USER privilege but # existing session does not know about it. KILL ; ERROR HY000: You are not owner of thread # Must work. non_sys_user has the SYSTEM_USER privilege KILL ; REVOKE SYSTEM_USER ON *.* FROM non_sys_user; SET DEFAULT ROLE NONE TO sys_user; # Must work. non_sys_user and sys_user both do not have SYSTEM_USER # privilege. KILL ; #------------------------------------------------------------------------ # 5. Grant SYSTEM_USER privilege through role as well as GRANT statement #------------------------------------------------------------------------ GRANT SYSTEM_USER ON *.* TO sys_user; SET ROLE NONE; # Must fail due to cumulative effect of SET ROLE and GRANT statement # on existing connection of sys_user. KILL ; ERROR HY000: You are not owner of thread REVOKE SYSTEM_USER ON *.* FROM sys_user; SET ROLE system_user_role; # Must fail due to cumulative effect of SET ROLE and REVOKE statement # on existing connection of sys_user. KILL ; ERROR HY000: You are not owner of thread SET ROLE NONE; # Must work since existing connection does not have SYSTEM_USER even # cumulatively. KILL ; REVOKE SYSTEM_USER ON *.* FROM sys_user; #------------------------------------------------------------------------ # 6. Killing another sessions of itself #------------------------------------------------------------------------ # 6.1 Through Roles SET ROLE system_user_role; # Must fail. Other session has SYSTEM_USER privilege through role # activation. KILL ; ERROR HY000: You are not owner of thread # Must work. After activating the role in current session. SET ROLE system_user_role; KILL ; # 6.2 Through usual grant statement GRANT SYSTEM_USER ON *.* TO sys_user; KILL ; REVOKE SYSTEM_USER ON *.* FROM sys_user; #------------------------------------------------------------------------ # 7. SYSTEM_USER definer must not elevate session from regular to power #------------------------------------------------------------------------ # 7.1 Verify through SET_ROLE statement CREATE USER baz@localhost; GRANT EXECUTE ON *.* TO non_sys_user; GRANT SET_USER_ID, EXECUTE ON *.* TO baz@localhost; GRANT system_user_role TO baz@localhost; CREATE DEFINER=baz@localhost PROCEDURE test.role_proc()SET ROLE system_user_role; CALL role_proc(); # Stored procedure should not have elevated the other session to # power_session. KILL ; #7.2 Verify through GRANT statement CREATE USER foo@localhost; GRANT CONNECTION_ADMIN ON *.* TO foo@localhost; CREATE DEFINER=root@localhost PROCEDURE test.grant_proc() BEGIN GRANT SYSTEM_USER ON *.* TO non_sys_user; END $$ call grant_proc(); # non_sys_user must have SYSTEM_USER privilege. SHOW GRANTS; Grants for non_sys_user@% GRANT EXECUTE ON *.* TO `non_sys_user`@`%` GRANT CONNECTION_ADMIN,SYSTEM_USER ON *.* TO `non_sys_user`@`%` # We should be able to kill the existing connection because stored # procedure should not have elevated the other session to power_session. KILL ; DROP PROCEDURE test.role_proc; DROP PROCEDURE test.grant_proc; DROP USER baz@localhost, foo@localhost; REVOKE EXECUTE,SYSTEM_USER ON *.* FROM non_sys_user; #------------------------------------------------------------------------ # 8. SYSTEM_USER invoker may elevate session from regular to power #------------------------------------------------------------------------ # 8.1 Verify through SET_ROLE statement CREATE USER baz@localhost; GRANT EXECUTE ON *.* TO non_sys_user; GRANT SET_USER_ID, EXECUTE ON *.* TO baz@localhost; GRANT system_user_role TO baz@localhost, non_sys_user; CREATE DEFINER=baz@localhost PROCEDURE test.role_proc() SQL SECURITY INVOKER SET ROLE system_user_role; CALL role_proc(); # Stored procedure execution should have elevated the other session to # power_session. KILL ; ERROR HY000: You are not owner of thread DROP PROCEDURE test.role_proc; DROP USER baz@localhost; REVOKE EXECUTE,SYSTEM_USER ON *.* FROM non_sys_user; REVOKE system_user_role FROM non_sys_user; #------------------------------------------------------------------------ # 9. Change the user in current session (COM_CHANGE_USER) #------------------------------------------------------------------------ GRANT SYSTEM_USER ON *.* TO sys_user; CREATE USER baz; # Regular_user should not be able to kill the power_session KILL CONNECTION ; ERROR HY000: You are not owner of thread # Change the user in power_session that does not have SYSTEM_USER # privilege. In other word change the user from power to regular # Now, regular session should be able to kill the previous session that # has been demoted from power_session to regular_session KILL CONNECTION ; # This time, change the user in regular session to power user. It must # promote the session to power_session; # Regular_user should not be able to kill the power_session KILL CONNECTION ; ERROR HY000: You are not owner of thread # Change user in current session as well. Now, should be able to kill KILL CONNECTION ; DROP USER baz; # Cleanup DROP USER sys_user, non_sys_user; DROP ROLE system_user_role;