authorDavi Arnaut <Davi.Arnaut@Sun.COM>2010-03-09 09:16:17 -0300
committerDavi Arnaut <Davi.Arnaut@Sun.COM>2010-03-09 09:16:17 -0300
commit81ffd72a5821f07129dedf4c31c3cbc2abfac372 (patch)
treeecfbd1b8044d79d00e31e36aab2dd8fc1baa4063
parentb8132a8d946bde553834c37785bbe53008f1e925 (diff)
Bug#51770: UNINSTALL PLUGIN requires no privileges
The problem was that UNINSTALL PLUGIN did not perform privilege checks before removing a plugin. Any user (including users without any kind of privileges) could uninstall any plugin. The solution is to verify that the user has the DELETE privilege for the mysql.plugin table before uninstalling a plugin. mysql-test/r/plugin_not_embedded.result: Add test case result for Bug#51770. mysql-test/t/plugin_not_embedded-master.opt: Add example plugin path. mysql-test/t/plugin_not_embedded.test: Add test case for Bug#51770. Skip embedded as the test relies on privilege checks.
-rw-r--r--mysql-test/r/plugin_not_embedded.result11
-rw-r--r--mysql-test/t/plugin_not_embedded-master.opt1
-rw-r--r--mysql-test/t/plugin_not_embedded.test20
-rw-r--r--sql/sql_plugin.cc2
4 files changed, 34 insertions, 0 deletions
diff --git a/mysql-test/r/plugin_not_embedded.result b/mysql-test/r/plugin_not_embedded.result
new file mode 100644
index 00000000000..ca6b1e5b1f4
--- /dev/null
+++ b/mysql-test/r/plugin_not_embedded.result
@@ -0,0 +1,11 @@
+#
+# Bug#51770: UNINSTALL PLUGIN requires no privileges
+#
+GRANT INSERT ON mysql.plugin TO bug51770@localhost;
+INSTALL PLUGIN example SONAME 'ha_example.so';
+UNINSTALL PLUGIN example;
+ERROR 42000: DELETE command denied to user 'bug51770'@'localhost' for table 'plugin'
+GRANT DELETE ON mysql.plugin TO bug51770@localhost;
+FLUSH PRIVILEGES;
+UNINSTALL PLUGIN example;
+DROP USER bug51770@localhost;
diff --git a/mysql-test/t/plugin_not_embedded-master.opt b/mysql-test/t/plugin_not_embedded-master.opt
new file mode 100644
index 00000000000..367d5233e0e
--- /dev/null
+++ b/mysql-test/t/plugin_not_embedded-master.opt
@@ -0,0 +1 @@
+$EXAMPLE_PLUGIN_OPT
diff --git a/mysql-test/t/plugin_not_embedded.test b/mysql-test/t/plugin_not_embedded.test
new file mode 100644
index 00000000000..eea7deab40c
--- /dev/null
+++ b/mysql-test/t/plugin_not_embedded.test
@@ -0,0 +1,20 @@
+--source include/not_embedded.inc
+--source include/have_example_plugin.inc
+
+--echo #
+--echo # Bug#51770: UNINSTALL PLUGIN requires no privileges
+--echo #
+
+GRANT INSERT ON mysql.plugin TO bug51770@localhost;
+connect(con1,localhost,bug51770,,);
+eval INSTALL PLUGIN example SONAME $HA_EXAMPLE_SO;
+--error ER_TABLEACCESS_DENIED_ERROR
+UNINSTALL PLUGIN example;
+connection default;
+GRANT DELETE ON mysql.plugin TO bug51770@localhost;
+FLUSH PRIVILEGES;
+connection con1;
+UNINSTALL PLUGIN example;
+disconnect con1;
+connection default;
+DROP USER bug51770@localhost;
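Review bot: The denied `UNINSTALL PLUGIN example` under `--error ER_TABLEACCESS_DENIED_ERROR` is never followed by an explicit check that the plugin is still registered; the test relies on the second `UNINSTALL PLUGIN example` succeeding to show that. A comment before that second statement would make the intent clear, for example `# Succeeds only if the denied attempt above left the plugin installed.` Separately, `FLUSH PRIVILEGES;` after `GRANT DELETE` should not be needed, since GRANT updates the in-memory privilege data itself. Dropping it would also show that the new check honours a grant made while con1 is already connected.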
diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc
index 9e35e392d2a..0706ef24881 100644
--- a/sql/sql_plugin.cc
+++ b/sql/sql_plugin.cc
@@ -1736,6 +1736,8 @@ bool mysql_uninstall_plugin(THD *thd, const LEX_STRING *name)
bzero(&tables, sizeof(tables));
tables.db= (char *)"mysql";
tables.table_name= tables.alias= (char *)"plugin";
+ if (check_table_access(thd, DELETE_ACL, &tables, 1, FALSE))
+ DBUG_RETURN(TRUE);
/* need to open before acquiring LOCK_plugin or it will deadlock */
if (! (table= open_ltable(thd, &tables, TL_WRITE, 0)))