Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements(addon for 5.1)

added TRIGGER_ACL check for I_S.TRIGGERS

Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements(addon for 5.1)
added TRIGGER_ACL check for I_S.TRIGGERS
69970f52 · gluh@mysql.com/eagle.(none) · 4ae49348 · 69970f52 · 69970f52
Commit 69970f52 authored Aug 21, 2007 by gluh@mysql.com/eagle.(none)
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

mysql-test/r/information_schema.result mysql-test/r/information_schema.result +3 -3

sql/sql_show.cc sql/sql_show.cc +1 -1

No files found.
--- a/mysql-test/r/information_schema.result
+++ b/mysql-test/r/information_schema.result
@@ -1419,8 +1419,8 @@ where event_object_table='t1';
 trigger_name
 t1_ai
 show triggers from mysqltest;
-Trigger	Event	Table	Statement	Timing	Created	sql_mode	Definer
+Trigger	Event	Table	Statement	Timing	Created	sql_mode	Definer	character_set_client	collation_connection	Database Collation
-t1_ai	INSERT	t1	set @a = new.a + new.b + new.c	AFTER	NULL		root@localhost
+t1_ai	INSERT	t1	set @a = new.a + new.b + new.c	AFTER	NULL		root@localhost	latin1	latin1_swedish_ci	latin1_swedish_ci
 show columns from t1;
 Field	Type	Null	Key	Default	Extra
 b	int(11)	YES		NULL	
@@ -1428,7 +1428,7 @@ select column_name from information_schema.columns where table_name='t1';
 column_name
 b
 show triggers;
-Trigger	Event	Table	Statement	Timing	Created	sql_mode	Definer
+Trigger	Event	Table	Statement	Timing	Created	sql_mode	Definer	character_set_client	collation_connection	Database Collation
 select trigger_name from information_schema.triggers
 where event_object_table='t1';
 trigger_name

--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -4351,7 +4351,7 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
    int event, timing;
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
-    if (!(thd->security_ctx->master_access & SUPER_ACL))
+    if (check_table_access(thd, TRIGGER_ACL, tables, 1))
      goto ret;
 #endif