By spoofing datadir/my.cnf with SELECT INTO it's possible to launch MySQL with any account, including root.
vulners.com/securityvulns/securityvulns:doc:4176