• sunanda's avatar
    Backport into build-201006221614-5.1.46sp1 · d72f6139
    sunanda authored
    > ------------------------------------------------------------
    > revno: 3367 [merge]
    > revision-id: joro@sun.com-20100504140328-srxf3c088j2twnq6
    > parent: kristofer.pettersson@sun.com-20100503172109-f9hracq5pqsaomb1
    > parent: joro@sun.com-20100503151651-nakknn8amrapmdp7
    > committer: Georgi Kodinov <joro@sun.com>
    > branch nick: B53371-5.1-bugteam
    > timestamp: Tue 2010-05-04 17:03:28 +0300
    > message:
    >   Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
    >   
    >   This is the 5.1 merge and extension of the fix.
    >   The server was happily accepting paths in table name in all places a table
    >   name is accepted (e.g. a SELECT). This allowed all users that have some 
    >   privilege over some database to read all tables in all databases in all
    >   mysql server instances that the server file system has access to.
    >   Fixed by :
    >   1. making sure no path elements are allowed in quoted table name when
    >   constructing the path (note that the path symbols are still valid in table names
    >   when they're properly escaped by the server).
    >   2. checking the #mysql50# prefixed names the same way they're checked for
    >   path elements in mysql-5.0.
    > ------------------------------------------------------------
    > Use --include-merges or -n0 to see merged revisions.
    d72f6139
mysql_priv.h 97.4 KB