diff options
| author | Martin Hansson <mhansson@mysql.com> | 2008-09-03 16:45:40 +0200 |
|---|---|---|
| committer | Martin Hansson <mhansson@mysql.com> | 2008-09-03 16:45:40 +0200 |
| commit | a43242ea6d5496d6e26dd1afbe7851e07308b168 (patch) | |
| tree | fa2d69a1865665c76918ce941dbff3ea022709da /mysql-test/t/view_grant.test | |
| parent | 4c318bf6e85ec1321b4f099e3bb829a6abb74d0d (diff) | |
| download | mariadb-git-a43242ea6d5496d6e26dd1afbe7851e07308b168.tar.gz | |
Bug#36086: SELECT * from views don't check column grants
This patch also fixes bugs 36963 and 35600.
- In many places a view was confused with an anonymous derived
table, i.e. access checking was skipped. Fixed by introducing a
predicate to tell the difference between named and anonymous
derived tables.
- When inserting fields for "SELECT * ", there was no
distinction between base tables and views, where one should be
made. View privileges are checked elsewhere.
Diffstat (limited to 'mysql-test/t/view_grant.test')
| -rw-r--r-- | mysql-test/t/view_grant.test | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test index cbc66300173..afef5c5bc7b 100644 --- a/mysql-test/t/view_grant.test +++ b/mysql-test/t/view_grant.test @@ -1219,3 +1219,71 @@ DROP VIEW v1; DROP TABLE t1; --echo End of 5.1 tests. + +# +# Bug#36086: SELECT * from views don't check column grants +# +CREATE USER mysqluser1@localhost; +CREATE DATABASE mysqltest1; + +USE mysqltest1; + +CREATE TABLE t1 ( a INT, b INT ); +CREATE TABLE t2 ( a INT, b INT ); + +CREATE VIEW v1 AS SELECT a, b FROM t1; + +GRANT SELECT( a ) ON v1 TO mysqluser1@localhost; +GRANT UPDATE( b ) ON t2 TO mysqluser1@localhost; + +--connect (connection1, localhost, mysqluser1, , test) + +--error ER_TABLEACCESS_DENIED_ERROR +SELECT * FROM mysqltest1.v1; + +--error ER_TABLEACCESS_DENIED_ERROR +CREATE VIEW v1 AS SELECT * FROM mysqltest1.t2; + +--disconnect connection1 + +--connection default + +DROP TABLE t1, t2; +DROP VIEW v1; +DROP DATABASE mysqltest1; +DROP USER mysqluser1@localhost; + +# +# Bug#35600: Security breach via view, I_S table and prepared +# statement/stored procedure +# +CREATE USER mysqluser1@localhost; +CREATE DATABASE mysqltest1; + +USE mysqltest1; + +CREATE VIEW v1 AS SELECT * FROM information_schema.tables LIMIT 1; +CREATE ALGORITHM = TEMPTABLE VIEW v2 AS SELECT 1 AS A; + +--connection default +GRANT SELECT ON mysqltest1.* to mysqluser1@localhost; + +--connect (connection1, localhost, mysqluser1, , test) +PREPARE stmt_v1 FROM "SELECT * FROM mysqltest1.v1"; +PREPARE stmt_v2 FROM "SELECT * FROM mysqltest1.v2"; + +--connection default +REVOKE SELECT ON mysqltest1.* FROM mysqluser1@localhost; + +--connection connection1 + +--error ER_TABLEACCESS_DENIED_ERROR +EXECUTE stmt_v1; +--error ER_TABLEACCESS_DENIED_ERROR +EXECUTE stmt_v2; + +--disconnect connection1 +--connection default +DROP VIEW v1, v2; +DROP DATABASE mysqltest1; +DROP USER mysqluser1@localhost; |