Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements

added SUPER_ACL check for I_S.TRIGGERS


mysql-test/r/information_schema.result:
  result fix
mysql-test/r/information_schema_db.result:
  result fix
mysql-test/t/information_schema.test:
  test case
sql/sql_show.cc:
  added SUPER_ACL check for I_S.TRIGGERS

1 files changed, 26 insertions, 0 deletions

diff --git a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test
index 6cf4ad8f576..7637a027e8f 100644
--- a/mysql-test/t/information_schema.test
+++ b/mysql-test/t/information_schema.test
@@ -1045,4 +1045,30 @@ drop table t1,t2;
 alter database;
 --error ER_PARSE_ERROR
 alter database test;
+
+#
+# Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements
+#
+
+create database mysqltest;
+create table mysqltest.t1(a int, b int, c int);
+create trigger mysqltest.t1_ai after insert on mysqltest.t1
+  for each row set @a = new.a + new.b + new.c;
+grant select(b) on mysqltest.t1 to mysqltest_1@localhost;
+
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+show triggers from mysqltest;
+
+connect (con27629,localhost,mysqltest_1,,mysqltest);
+show columns from t1;
+select column_name from information_schema.columns where table_name='t1';
+
+show triggers;
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+connection default;
+drop user mysqltest_1@localhost;
+drop database mysqltest;
+
 --echo End of 5.0 tests.