• Georgi Kodinov's avatar
    Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. · 0f26a053
    Georgi Kodinov authored
    This is the 5.1 merge and extension of the fix.
    The server was happily accepting paths in table name in all places a table
    name is accepted (e.g. a SELECT). This allowed all users that have some 
    privilege over some database to read all tables in all databases in all
    mysql server instances that the server file system has access to.
    Fixed by :
    1. making sure no path elements are allowed in quoted table name when
    constructing the path (note that the path symbols are still valid in table names
    when they're properly escaped by the server).
    2. checking the #mysql50# prefixed names the same way they're checked for
    path elements in mysql-5.0.
    0f26a053
sql_table.cc 254 KB