diff options
| author | Alexander Nozdrin <alik@sun.com> | 2009-10-22 16:51:51 +0400 |
|---|---|---|
| committer | Alexander Nozdrin <alik@sun.com> | 2009-10-22 16:51:51 +0400 |
| commit | 720252532fb27dd8b3598ef739e4c0b75d7befea (patch) | |
| tree | f16bfdb6da67f8216983923d7a15c8004ad4b1ab /sql/sql_acl.h | |
| parent | 481066db52cfaa406ea73812bc237513e0daa076 (diff) | |
| download | mariadb-git-720252532fb27dd8b3598ef739e4c0b75d7befea.tar.gz | |
Backporting patches for Bug#38347 (ALTER ROUTINE privilege
allows SHOW CREATE TABLE) from 6.0. Original revisions:
------------------------------------------------------------
revno: 2617.31.8
committer: Alexander Nozdrin <alik@sun.com>
branch nick: 6.0-rt-bug38347
timestamp: Thu 2009-03-26 09:08:24 +0300
message:
Patch for Bug#38347: ALTER ROUTINE privilege allows SHOW CREATE TABLE.
If a user has any of the following privileges for a table (or the database
if the table), he should be able to issue SHOW CREATE TABLE for the table:
- CREATE
- DROP
- ALTER
- DELETE
- INDEX
- INSERT
- SELECT
- UPDATE
- TRIGGER
- REFERENCES
- GRANT OPTION
- CREATE VIEW
- SHOW VIEW
Any other privilege (even SUPER) should not allow SHOW CREATE TABLE.
------------------------------------------------------------
revno: 2617.31.11
committer: Alexander Nozdrin <alik@sun.com>
branch nick: 6.0-rt
timestamp: Fri 2009-03-27 21:36:34 +0300
message:
Additional patch for Bug#38347 (ALTER ROUTINE privilege
allows SHOW CREATE TABLE).
The problem was that information_schema.test,
information_schema_parameters.test and information_schema_routines.test
failed with the first patch. That happened due to limitation in check_access():
it allows only SELECT_ACL privilege for INFORMATION_SCHEMA tables.
The patch is to request only SELECT_ACL privilege for INFORMATION_SCHEMA tables.
------------------------------------------------------------
Diffstat (limited to 'sql/sql_acl.h')
| -rw-r--r-- | sql/sql_acl.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sql/sql_acl.h b/sql/sql_acl.h index ad401fa7064..ba5f5144409 100644 --- a/sql/sql_acl.h +++ b/sql/sql_acl.h @@ -85,6 +85,11 @@ #define DEFAULT_CREATE_PROC_ACLS \ (ALTER_PROC_ACL | EXECUTE_ACL) +#define SHOW_CREATE_TABLE_ACLS \ +(SELECT_ACL | INSERT_ACL | UPDATE_ACL | DELETE_ACL | \ + CREATE_ACL | DROP_ACL | ALTER_ACL | INDEX_ACL | \ + TRIGGER_ACL | REFERENCES_ACL | GRANT_ACL | CREATE_VIEW_ACL | SHOW_VIEW_ACL) + /* Defines to change the above bits to how things are stored in tables This is needed as the 'host' and 'db' table is missing a few privileges |