Bug #85561 Users can be assigned non-existing roles as default
Submitted: 21 Mar 9:18 Modified: 2 Jun 6:11
Reporter: Giuseppe Maxia (OCA)
Status: Verified
Category: MySQL Server: Security: Roles Severity: S2 (Serious)
Version: 8.0.1 OS: Any
Assigned to:

[21 Mar 9:18] Giuseppe Maxia
Description:
Using the scenario described in Bug#85559, it is possible to issue the following statement:

mysql [localhost] {root} ((none)) > set default role donald_duck to u_test_ro;
Query OK, 0 rows affected (0.01 sec)

mysql [localhost] {root} ((none)) > use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql [localhost] {root} (mysql) > select * from mysql.default_roles;
+------+-----------+-------------------+-------------------+
| HOST | USER      | DEFAULT_ROLE_HOST | DEFAULT_ROLE_USER |
+------+-----------+-------------------+-------------------+
| %    | u_test_ro | %                 | donald_duck       |
| %    | u_test_rw | %                 | r_test_ro         |
| %    | u_test_rw | %                 | r_test_rw         |
+------+-----------+-------------------+-------------------+
3 rows in set (0.00 sec)

Notice that there is no user or role named 'donald_duck'.

mysql [localhost] {root} ((none)) > select count(*) from mysql.user where user = 'donald_duck';
+----------+
| count(*) |
+----------+
|        0 |
+----------+
1 row in set (0.00 sec)

How to repeat:
Try assigning a non-existing role as the default role.
[21 Mar 9:28] Umesh Shastry
Hello Giuseppe,

Thank you for the report and feedback!
Verified as described.

Thanks,
Umesh
[2 Jun 6:11] Giuseppe Maxia
Changed category to "Roles"
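
An audit query for the condition reported above, added here as an example; it is not part of the original report or of MySQL's own code. It assumes the MySQL 8.0 grant tables mysql.user and mysql.role_edges alongside the mysql.default_roles table shown in the report, and read access to the mysql schema.

```sql
-- Added example: list default-role assignments that point at nothing usable.
-- Assumption: role_edges stores the role in FROM_* and the grantee in TO_*.
SELECT d.USER              AS grantee_user,
       d.HOST              AS grantee_host,
       d.DEFAULT_ROLE_USER AS role_user,
       d.DEFAULT_ROLE_HOST AS role_host,
       CASE
         WHEN r.User IS NULL      THEN 'role account does not exist'
         WHEN g.User IS NULL      THEN 'grantee account does not exist'
         WHEN e.FROM_USER IS NULL THEN 'role exists but is not granted to grantee'
       END                 AS finding
FROM mysql.default_roles AS d
-- Does the referenced role exist as an account? (the 'donald_duck' case)
LEFT JOIN mysql.user AS r
       ON r.User = d.DEFAULT_ROLE_USER
      AND r.Host = d.DEFAULT_ROLE_HOST
-- Does the account holding the default still exist?
LEFT JOIN mysql.user AS g
       ON g.User = d.USER
      AND g.Host = d.HOST
-- Is the role actually granted to that account?
LEFT JOIN mysql.role_edges AS e
       ON e.FROM_USER = d.DEFAULT_ROLE_USER
      AND e.FROM_HOST = d.DEFAULT_ROLE_HOST
      AND e.TO_USER   = d.USER
      AND e.TO_HOST   = d.HOST
WHERE r.User IS NULL
   OR g.User IS NULL
   OR e.FROM_USER IS NULL
ORDER BY d.USER, d.HOST, d.DEFAULT_ROLE_USER;
```

Against the tables shown in the report, the u_test_ro / donald_duck row is returned with the finding 'role account does not exist'.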