Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
82d218d6
Commit
82d218d6
authored
Apr 11, 2011
by
Jon Olav Hauglid
Browse files
Options
Browse Files
Download
Plain Diff
Merge from mysql-5.0-security to mysql-5.1-security
Text conflict in sql/sp_head.cc
parents
16b90883
108ad9e4
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
72 additions
and
1 deletion
+72
-1
mysql-test/r/sp-security.result
mysql-test/r/sp-security.result
+30
-0
mysql-test/t/sp-security.test
mysql-test/t/sp-security.test
+40
-0
sql/sp_head.cc
sql/sp_head.cc
+2
-1
No files found.
mysql-test/r/sp-security.result
View file @
82d218d6
...
@@ -567,3 +567,33 @@ DROP USER 'tester';
...
@@ -567,3 +567,33 @@ DROP USER 'tester';
DROP USER 'Tester';
DROP USER 'Tester';
DROP DATABASE B48872;
DROP DATABASE B48872;
End of 5.0 tests.
End of 5.0 tests.
#
# Bug#11882603 SELECT_ACL ON ANY COLUMN IN MYSQL.PROC ALLOWS TO SEE
# DEFINITION OF ANY ROUTINE.
#
DROP DATABASE IF EXISTS db1;
CREATE DATABASE db1;
CREATE PROCEDURE db1.p1() SELECT 1;
CREATE USER user2@localhost IDENTIFIED BY '';
GRANT SELECT(db) ON mysql.proc TO user2@localhost;
# Connection con2 as user2
# The below statements before disclosed info from body_utf8 column.
SHOW CREATE PROCEDURE db1.p1;
ERROR 42000: PROCEDURE p1 does not exist
SHOW PROCEDURE CODE db1.p1;
ERROR 42000: PROCEDURE p1 does not exist
# Check that SHOW works with SELECT grant on whole table
# Connection default
GRANT SELECT ON mysql.proc TO user2@localhost;
# Connection con2
# This should work
SHOW CREATE PROCEDURE db1.p1;
Procedure sql_mode Create Procedure character_set_client collation_connection Database Collation
p1 CREATE DEFINER=`root`@`localhost` PROCEDURE `p1`()
SELECT 1 latin1 latin1_swedish_ci latin1_swedish_ci
SHOW PROCEDURE CODE db1.p1;
Pos Instruction
0 stmt 0 "SELECT 1"
# Connection default
DROP USER user2@localhost;
DROP DATABASE db1;
mysql-test/t/sp-security.test
View file @
82d218d6
...
@@ -926,6 +926,46 @@ DROP DATABASE B48872;
...
@@ -926,6 +926,46 @@ DROP DATABASE B48872;
--
echo
End
of
5.0
tests
.
--
echo
End
of
5.0
tests
.
--
echo
#
--
echo
# Bug#11882603 SELECT_ACL ON ANY COLUMN IN MYSQL.PROC ALLOWS TO SEE
--
echo
# DEFINITION OF ANY ROUTINE.
--
echo
#
--
disable_warnings
DROP
DATABASE
IF
EXISTS
db1
;
--
enable_warnings
CREATE
DATABASE
db1
;
CREATE
PROCEDURE
db1
.
p1
()
SELECT
1
;
CREATE
USER
user2
@
localhost
IDENTIFIED
BY
''
;
GRANT
SELECT
(
db
)
ON
mysql
.
proc
TO
user2
@
localhost
;
--
echo
# Connection con2 as user2
connect
(
con2
,
localhost
,
user2
);
--
echo
# The below statements before disclosed info from body_utf8 column.
--
error
ER_SP_DOES_NOT_EXIST
SHOW
CREATE
PROCEDURE
db1
.
p1
;
--
error
ER_SP_DOES_NOT_EXIST
SHOW
PROCEDURE
CODE
db1
.
p1
;
--
echo
# Check that SHOW works with SELECT grant on whole table
--
echo
# Connection default
connection
default
;
GRANT
SELECT
ON
mysql
.
proc
TO
user2
@
localhost
;
--
echo
# Connection con2
connection
con2
;
--
echo
# This should work
SHOW
CREATE
PROCEDURE
db1
.
p1
;
SHOW
PROCEDURE
CODE
db1
.
p1
;
--
echo
# Connection default
connection
default
;
disconnect
con2
;
DROP
USER
user2
@
localhost
;
DROP
DATABASE
db1
;
# Wait till all disconnects are completed
# Wait till all disconnects are completed
--
source
include
/
wait_until_count_sessions
.
inc
--
source
include
/
wait_until_count_sessions
.
inc
sql/sp_head.cc
View file @
82d218d6
...
@@ -2386,7 +2386,8 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access)
...
@@ -2386,7 +2386,8 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access)
bzero
((
char
*
)
&
tables
,
sizeof
(
tables
));
bzero
((
char
*
)
&
tables
,
sizeof
(
tables
));
tables
.
db
=
(
char
*
)
"mysql"
;
tables
.
db
=
(
char
*
)
"mysql"
;
tables
.
table_name
=
tables
.
alias
=
(
char
*
)
"proc"
;
tables
.
table_name
=
tables
.
alias
=
(
char
*
)
"proc"
;
*
full_access
=
(
!
check_table_access
(
thd
,
SELECT_ACL
,
&
tables
,
1
,
TRUE
)
||
*
full_access
=
((
!
check_table_access
(
thd
,
SELECT_ACL
,
&
tables
,
1
,
TRUE
)
&&
(
tables
.
grant
.
privilege
&
SELECT_ACL
)
!=
0
)
||
(
!
strcmp
(
sp
->
m_definer_user
.
str
,
(
!
strcmp
(
sp
->
m_definer_user
.
str
,
thd
->
security_ctx
->
priv_user
)
&&
thd
->
security_ctx
->
priv_user
)
&&
!
strcmp
(
sp
->
m_definer_host
.
str
,
!
strcmp
(
sp
->
m_definer_host
.
str
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment