Commit 700c3786 authored by unknown's avatar unknown

Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements(addon for 5.1)

added TRIGGER_ACL check for I_S.TRIGGERS


mysql-test/r/information_schema.result:
  result fix
parent 4dfb90d8
......@@ -1419,8 +1419,8 @@ where event_object_table='t1';
trigger_name
t1_ai
show triggers from mysqltest;
Trigger Event Table Statement Timing Created sql_mode Definer
t1_ai INSERT t1 set @a = new.a + new.b + new.c AFTER NULL root@localhost
Trigger Event Table Statement Timing Created sql_mode Definer character_set_client collation_connection Database Collation
t1_ai INSERT t1 set @a = new.a + new.b + new.c AFTER NULL root@localhost latin1 latin1_swedish_ci latin1_swedish_ci
show columns from t1;
Field Type Null Key Default Extra
b int(11) YES NULL
......@@ -1428,7 +1428,7 @@ select column_name from information_schema.columns where table_name='t1';
column_name
b
show triggers;
Trigger Event Table Statement Timing Created sql_mode Definer
Trigger Event Table Statement Timing Created sql_mode Definer character_set_client collation_connection Database Collation
select trigger_name from information_schema.triggers
where event_object_table='t1';
trigger_name
......
......@@ -4351,7 +4351,7 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
int event, timing;
#ifndef NO_EMBEDDED_ACCESS_CHECKS
if (!(thd->security_ctx->master_access & SUPER_ACL))
if (check_table_access(thd, TRIGGER_ACL, tables, 1))
goto ret;
#endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment