• Jon Olav Hauglid's avatar
    Bug#11882603 SELECT_ACL ON ANY COLUMN IN MYSQL.PROC ALLOWS TO SEE · b3ea1d1f
    Jon Olav Hauglid authored
                 DEFINITION OF ANY ROUTINE.
    
    The problem was that having the SELECT privilege any column of the
    mysql.proc table by mistake allowed the user to see the definition
    of all routines (using SHOW CREATE PROCEDURE/FUNCTION and SHOW
    PROCEDURE/FUNCTION CODE).
    
    This patch fixes the problem by making sure that those commands
    are only allowed if the user has the SELECT privilege on the
    mysql.proc table itself.
    
    Test case added to sp-security.test.
    b3ea1d1f
sp_head.cc 98.2 KB