• Praveenkumar Hulakund's avatar
    Bug#18790730 - CROSS-DATABASE FOREIGN KEY WITHOUT PERMISSIONS · cf4231a7
    Praveenkumar Hulakund authored
                   CHECK.
    
    Analysis:
    ----------
    Issue here is, while creating or altering the InnoDB table,
    if the foreign key defined on the table references a parent
    table on which the user has no access privileges then the
    table is created without reporting any error. 
    
    Currently the privilege level REFERENCES_ACL is unused
    and is not used for access evaluation while creating the
    table with a foreign key constraint or adding the foreign
    key constraint to a table. But when no privileges are granted
    to user then also access evaluation on parent table is ignored.
    
    Fix:
    ---------
    For DMLs, irrelevant of the fact, support does not want any
    changes to avoid permission checks on every operation.
    
    So, as a fix, added a function "check_fk_parent_table_access" 
    to check whether any of the SELECT_ACL, INSERT_ACL, UDPATE_ACL,
    DELETE_ACL or REFERENCE_ACL privileges are granted for user
    at table level. If none of them is granted then error is reported.
    This function is called during the table creation and alter 
    operation. 
    cf4231a7
sql_table.cc 243 KB