Bug#29908: A user can gain additional access through the ALTER VIEW.

Non-definer of a view was allowed to alter that view. Due to this the alterer can elevate his access rights to access rights of the view definer and thus modify data which he wasn't allowed to modify. A view defined with SQL SECURITY INVOKER can't be used directly for access rights elevation. But a user can first alter the view SQL code and then alter the view to SQL SECURITY DEFINER and thus elevate his access rights. Due to this altering a view with SQL SECURITY INVOKER is also prohibited. Now the mysql_create_view function allows ALTER VIEW only to the view definer or a super user. mysql-test/t/view_grant.test: Added a test case for the bug#29908: A user can gain additional access through the ALTER VIEW. A test case was adjusted after fixfing bug#29908. mysql-test/r/view_grant.result: Added a test case for the bug#29908: A user can gain additional access through the ALTER VIEW. sql/sql_view.cc: Bug#29908: A user can gain additional access through the ALTER VIEW. Now the mysql_create_view function allows ALTER VIEW only to the view definer or a super user.
author: unknown <evgen@sunlight.local> 2007-09-20 18:05:09 +0400
committer: unknown <evgen@sunlight.local> 2007-09-20 18:05:09 +0400
commit: 1cb6dc2b37c9dcf9bfeed2471b8562e78a33b25f (patch)
tree: d69c769f2b2c1971f28274af20f6fcad6d440313 /mysql-test/r/view_grant.result
parent: aa5da0fc9ec4b90ae6ba8ad17334bc67d40bf66e (diff)
download: mariadb-git-1cb6dc2b37c9dcf9bfeed2471b8562e78a33b25f.tar.gz
1 files changed, 47 insertions, 3 deletions
diff --git a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result
index 0f9ce47dec6..ab408e6f175 100644
--- a/mysql-test/r/view_grant.result
+++ b/mysql-test/r/view_grant.result
@@ -776,15 +776,59 @@ GRANT CREATE VIEW ON db26813.v2 TO u26813@localhost;
 GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost;
 GRANT SELECT ON db26813.t1 TO u26813@localhost;
 ALTER VIEW v1 AS SELECT f2 FROM t1;
-ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1'
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
 ALTER VIEW v2 AS SELECT f2 FROM t1;
-ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2'
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
 ALTER VIEW v3 AS SELECT f2 FROM t1;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
 SHOW CREATE VIEW v3;
 View	Create View
-v3	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1`
+v3	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f1` AS `f1` from `t1`
 DROP USER u26813@localhost;
 DROP DATABASE db26813;
+#
+# Bug#29908: A user can gain additional access through the ALTER VIEW.
+#
+CREATE DATABASE mysqltest_29908;
+USE mysqltest_29908;
+CREATE TABLE t1(f1 INT, f2 INT);
+CREATE USER u29908_1@localhost;
+CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1;
+CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS
+SELECT f1 FROM t1;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost;
+CREATE USER u29908_2@localhost;
+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost;
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+ERROR 42000: Access denied; you need the SUPER privilege for this operation
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v2;
+View	Create View
+v2	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
+ALTER VIEW v1 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v1;
+View	Create View
+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1`
+ALTER VIEW v2 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v2;
+View	Create View
+v2	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
+ALTER VIEW v1 AS SELECT f1 FROM t1;
+SHOW CREATE VIEW v1;
+View	Create View
+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1`
+ALTER VIEW v2 AS SELECT f2 FROM t1;
+SHOW CREATE VIEW v2;
+View	Create View
+v2	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
+DROP USER u29908_1@localhost;
+DROP USER u29908_2@localhost;
+DROP DATABASE mysqltest_29908;
+#######################################################################
 DROP DATABASE IF EXISTS mysqltest1;
 DROP DATABASE IF EXISTS mysqltest2;
 CREATE DATABASE mysqltest1;
author	unknown <evgen@sunlight.local>	2007-09-20 18:05:09 +0400
committer	unknown <evgen@sunlight.local>	2007-09-20 18:05:09 +0400
commit	1cb6dc2b37c9dcf9bfeed2471b8562e78a33b25f (patch)
tree	d69c769f2b2c1971f28274af20f6fcad6d440313 /mysql-test/r/view_grant.result
parent	aa5da0fc9ec4b90ae6ba8ad17334bc67d40bf66e (diff)
download	mariadb-git-1cb6dc2b37c9dcf9bfeed2471b8562e78a33b25f.tar.gz