From 34f478121f4e0b374c8cb1885bf08ca48ec669c6 Mon Sep 17 00:00:00 2001
From: "evgen@moonbone.local" <>
Date: Fri, 11 May 2007 23:19:11 +0400
Subject: Bug#27878: Unchecked privileges on a view referring to a table from
 another database.

If a user has a right to update anything in the current database then the
access was granted and further checks of access rights for underlying tables
wasn't done correctly. The check is done before a view is opened and thus no
check of access rights for underlying tables can be carried out.
This allows a user to update through a view a table from another database for
which he hasn't enough rights.

Now the mysql_update() and the mysql_test_update() functions are forces
re-checking of access rights after a view is opened.
---
 sql/sql_update.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'sql/sql_update.cc')

diff --git a/sql/sql_update.cc b/sql/sql_update.cc
index e17c71ae541..222e33345cc 100644
--- a/sql/sql_update.cc
+++ b/sql/sql_update.cc
@@ -173,8 +173,9 @@ int mysql_update(THD *thd,
   table->quick_keys.clear_all();
 
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-  /* TABLE_LIST contain right privilages request */
-  want_privilege= table_list->grant.want_privilege;
+  /* Force privilege re-checking for views after they have been opened. */
+  want_privilege= (table_list->view ? UPDATE_ACL :
+                   table_list->grant.want_privilege);
 #endif
   if (mysql_prepare_update(thd, table_list, &conds, order_num, order))
     DBUG_RETURN(1);
-- 
cgit v1.2.1