Bug#27878: Unchecked privileges on a view referring to a table from another

database.

If a user has a right to update anything in the current database then the 
access was granted and further checks of access rights for underlying tables
wasn't done correctly. The check is done before a view is opened and thus no
check of access rights for underlying tables can be carried out.
This allows a user to update through a view a table from another database for
which he hasn't enough rights.

Now the mysql_update() and the mysql_test_update() functions are forces
re-checking of access rights after a view is opened.


mysql-test/t/grant.test:
  Added a test case for the bug#27878: Unchecked privileges on a view referring to a table from another database.
mysql-test/r/grant.result:
  Added a test case for the bug#27878: Unchecked privileges on a view referring to a table from another database.
sql/sql_update.cc:
  Bug#27878: Unchecked privileges on a view referring to a table from another 
  database.
  Now the mysql_update() function forces re-checking of access rights after 
  the view is opened.
sql/sql_prepare.cc:
  Bug#27878: Unchecked privileges on a view referring to a table from another 
  database.
  Now the mysql_test_update() function forces re-checking of access rights after
  the view is opened.

1 files changed, 3 insertions, 2 deletions

diff --git a/sql/sql_update.cc b/sql/sql_update.cc
index e17c71ae541..222e33345cc 100644
--- a/sql/sql_update.cc
+++ b/sql/sql_update.cc
@@ -173,8 +173,9 @@ int mysql_update(THD *thd,
   table->quick_keys.clear_all();
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-  /* TABLE_LIST contain right privilages request */
-  want_privilege= table_list->grant.want_privilege;
+  /* Force privilege re-checking for views after they have been opened. */
+  want_privilege= (table_list->view ? UPDATE_ACL :
+                   table_list->grant.want_privilege);
 #endif
   if (mysql_prepare_update(thd, table_list, &conds, order_num, order))
     DBUG_RETURN(1);