author | unknown <evgen@moonbone.local> | 2007-05-11 23:19:11 +0400 |
---|---|---|
committer | unknown <evgen@moonbone.local> | 2007-05-11 23:19:11 +0400 |
commit | 04efdb1526fbe97ffe003a83da81a550dd234991 (patch) | |
tree | c1a6ef79fc28e911c7f4656d693d37ef057e1d61 /sql | |
parent | be5ff3e2ba4ddf32241348de6184be0172d34a37 (diff) | |
download | mariadb-git-04efdb1526fbe97ffe003a83da81a550dd234991.tar.gz |
Bug#27878: Unchecked privileges on a view referring to a table from another
database.
If a user has a right to update anything in the current database then the
access was granted and further checks of access rights for underlying tables
weren't done correctly. The check is done before a view is opened and thus no
check of access rights for underlying tables can be carried out.
This allows a user to update through a view a table from another database for
which he hasn't enough rights.
Now the mysql_update() and the mysql_test_update() functions force
re-checking of access rights after a view is opened.
mysql-test/t/grant.test:
Added a test case for the bug#27878: Unchecked privileges on a view referring to a table from another database.
mysql-test/r/grant.result:
Added a test case for the bug#27878: Unchecked privileges on a view referring to a table from another database.
sql/sql_update.cc:
Bug#27878: Unchecked privileges on a view referring to a table from another
database.
Now the mysql_update() function forces re-checking of access rights after
the view is opened.
sql/sql_prepare.cc:
Bug#27878: Unchecked privileges on a view referring to a table from another
database.
Now the mysql_test_update() function forces re-checking of access rights after
the view is opened.
Diffstat (limited to 'sql')
-rw-r--r-- | sql/sql_prepare.cc | 5 |
-rw-r--r-- | sql/sql_update.cc | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 1ec65743b0f..90361f8ff0d 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -1164,8 +1164,9 @@ static int mysql_test_update(Prepared_statement *stmt, goto error; #ifndef NO_EMBEDDED_ACCESS_CHECKS - /* TABLE_LIST contain right privilages request */ - want_privilege= table_list->grant.want_privilege; + /* Force privilege re-checking for views after they have been opened. */ + want_privilege= (table_list->view ? UPDATE_ACL : + table_list->grant.want_privilege); #endif if (mysql_prepare_update(thd, table_list, &select->where, diff --git a/sql/sql_update.cc b/sql/sql_update.cc index e17c71ae541..222e33345cc 100644 --- a/sql/sql_update.cc +++ b/sql/sql_update.cc @@ -173,8 +173,9 @@ int mysql_update(THD *thd, table->quick_keys.clear_all(); #ifndef NO_EMBEDDED_ACCESS_CHECKS - /* TABLE_LIST contain right privilages request */ - want_privilege= table_list->grant.want_privilege; + /* Force privilege re-checking for views after they have been opened. */ + want_privilege= (table_list->view ? UPDATE_ACL : + table_list->grant.want_privilege); #endif if (mysql_prepare_update(thd, table_list, &conds, order_num, order)) DBUG_RETURN(1); |
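Review bot: In the sql/sql_prepare.cc hunk (mysql_test_update), the new comment says re-checking is forced but not why the view branch hard-codes UPDATE_ACL instead of reading table_list->grant.want_privilege. The commit message gives the reason (the earlier check runs before the view is opened, so the underlying tables are not covered); a sentence to that effect in the comment would keep a later reader from simplifying the ternary back to the old assignment. Because the diff shown is limited to sql/, it is also worth confirming that the grant.test case exercises the prepared-statement path (a PREPARE of an UPDATE through the view) and not only a direct UPDATE.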
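Review bot: The sql/sql_update.cc hunk (mysql_update) repeats the exact expression `(table_list->view ? UPDATE_ACL : table_list->grant.want_privilege)` that the same commit adds to mysql_test_update() in sql/sql_prepare.cc. Two copies of an access-control decision can drift apart; consider a small shared helper that both functions call, so that a later change to the privilege requested for views lands in the direct and the prepared path together.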