From: Davi Arnaut Date: March 9 2010 12:16pm Subject: bzr commit into mysql-5.1-bugteam branch (davi:3375) Bug#51770 List-Archive: http://lists.mysql.com/commits/102693 X-Bug: 51770 Message-Id: <20100309121622.A4DD1444255@skynet> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="Boundary_(ID_Ix4JKBC0//pyvM8HqK/tCA)" --Boundary_(ID_Ix4JKBC0//pyvM8HqK/tCA) MIME-version: 1.0 Content-type: text/plain; CHARSET=US-ASCII Content-transfer-encoding: 7BIT Content-disposition: inline # At a local mysql-5.1-bugteam repository of davi 3375 Davi Arnaut 2010-03-09 Bug#51770: UNINSTALL PLUGIN requires no privileges The problem was that UNINSTALL PLUGIN wasn't performing privilege checks before removing a plugin. Any user (including users without any kind of privileges) could uninstall any plugin. The solution is to verify if the user has the DELETE privilege for the mysql.plugin table before uninstalling a plugin. @ mysql-test/r/plugin_not_embedded.result Add test case result for Bug#51770. @ mysql-test/t/plugin_not_embedded-master.opt Add example plugin path. @ mysql-test/t/plugin_not_embedded.test Add test case for Bug#51770. Skip embedded as test relies on privileges checks. added: mysql-test/r/plugin_not_embedded.result mysql-test/t/plugin_not_embedded-master.opt mysql-test/t/plugin_not_embedded.test modified: sql/sql_plugin.cc
=== added file 'mysql-test/r/plugin_not_embedded.result'
--- a/mysql-test/r/plugin_not_embedded.result 1970-01-01 00:00:00 +0000
+++ b/mysql-test/r/plugin_not_embedded.result 2010-03-09 12:16:17 +0000
@@ -0,0 +1,11 @@
+#
+# Bug#51770: UNINSTALL PLUGIN requires no privileges
+#
+GRANT INSERT ON mysql.plugin TO bug51770@localhost;
+INSTALL PLUGIN example SONAME 'ha_example.so';
+UNINSTALL PLUGIN example;
+ERROR 42000: DELETE command denied to user 'bug51770'@'localhost' for table 'plugin'
+GRANT DELETE ON mysql.plugin TO bug51770@localhost;
+FLUSH PRIVILEGES;
+UNINSTALL PLUGIN example;
+DROP USER bug51770@localhost;
=== added file 'mysql-test/t/plugin_not_embedded-master.opt'
--- a/mysql-test/t/plugin_not_embedded-master.opt 1970-01-01 00:00:00 +0000
+++ b/mysql-test/t/plugin_not_embedded-master.opt 2010-03-09 12:16:17 +0000
@@ -0,0 +1 @@
+$EXAMPLE_PLUGIN_OPT
=== added file 'mysql-test/t/plugin_not_embedded.test'
--- a/mysql-test/t/plugin_not_embedded.test 1970-01-01 00:00:00 +0000
+++ b/mysql-test/t/plugin_not_embedded.test 2010-03-09 12:16:17 +0000
@@ -0,0 +1,20 @@
+--source include/not_embedded.inc
+--source include/have_example_plugin.inc
+
+--echo #
+--echo # Bug#51770: UNINSTALL PLUGIN requires no privileges
+--echo #
+
+GRANT INSERT ON mysql.plugin TO bug51770@localhost;
+connect(con1,localhost,bug51770,,);
+eval INSTALL PLUGIN example SONAME $HA_EXAMPLE_SO;
+--error ER_TABLEACCESS_DENIED_ERROR
+UNINSTALL PLUGIN example;
+connection default;
+GRANT DELETE ON mysql.plugin TO bug51770@localhost;
+FLUSH PRIVILEGES;
+connection con1;
+UNINSTALL PLUGIN example;
+disconnect con1;
+connection default;
+DROP USER bug51770@localhost;
=== modified file 'sql/sql_plugin.cc'
--- a/sql/sql_plugin.cc 2009-12-18 19:14:09 +0000
+++ b/sql/sql_plugin.cc 2010-03-09 12:16:17 +0000
@@ -1736,6 +1736,8 @@ bool mysql_uninstall_plugin(THD *thd, co bzero(&tables, sizeof(tables)); tables.db= (char *)"mysql"; tables.table_name= tables.alias= (char *)"plugin"; + if (check_table_access(thd, DELETE_ACL, &tables, 1, FALSE)) + DBUG_RETURN(TRUE); /* need to open before acquiring LOCK_plugin or it will deadlock */ if (! (table= open_ltable(thd, &tables, TL_WRITE, 0))) --Boundary_(ID_Ix4JKBC0//pyvM8HqK/tCA) MIME-version: 1.0 Content-type: text/bzr-bundle; CHARSET=US-ASCII; name="bzr/davi.arnaut@stripped" Content-transfer-encoding: 7BIT Content-disposition: inline; filename="bzr/davi.arnaut@stripped" # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: davi.arnaut@stripped # target_branch: file:///home/davi/bzr/bugs/51770-5.1/ # testament_sha1: ec09fcbf9c5e58108bfb9231917962ce4a15f2df # timestamp: 2010-03-09 09:16:22 -0300 # base_revision_id: joro@stripped # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWYMeC+MAA/lfgEAQXef//3/n 30C////wYAj/e3i12nlQHrnve9rtsl7BttrZAVPrwklMiYRPVPTNKeDVPCepielNPU00yeoYnqem KHqAkqGhlPCZVPZSYEyDIwmEMAjT1BtNQCUgmJlPKnqND1A0B6gAADRoaDQAJESJPJTyegCnqfqT TNTIekeiGgAAaAEeqiGgADIDR6gAGgA0AAACSJNNDQE00aEyZNTFRvU2oQ9R6mQB6mhtRfD5Y/dy K/9bNviRY/xMorXDhzo3NGdrvlC3CdwSqYcJM7NkGGwqa0vDVF0EHU80i9khCTMqtl8cDxxThfGT kxCXlW/3ROteTpsaL99hmXDcEz4pnwORbcsD6IYGNS10zQMBuZk6lNPbNFnSIdA8vhWl/tMZHHdD OMIQG0kM21kMneLUEU/VI/dya5bc+uBVJsQasaFEcqDAfJ7/Uv2XI+58FTRURGrk6ZNwChyxjFOr mu8z4msdXyK6tfXXpWuhVys2p8UgSw0cHniCYpuOAVPazDaURHyZfkwWUPW6tcVs17emOQ8njnk7 lMVs3C/WVje1w4aTMl8RMC1yKXaCzqn6BBlmM5ouI5aVGOkLStLs6YNSJ/Tg88qfVmQmBEqixDl7 HiiP66EfizZ2lcRKhxA+gz2Bu1QGWlSNLwZArchPK6zQgTUMkJwymOpjKICiUIfkUJxjgMVjRBSY FEsUEUOA5E0kWEVwUrgvZTlFQ0mrUhR6YIJp5gZpPoGaN49C8IXWQu2uPXrGuwrG4IyJJklQ11IF biCqUxLOvVbdQxnOsY3IbNLlCRhgVli3iWawlTkboVuQ35zZMmAWw2IJOJVg63mm4yLsTFRj8pXI IBA0zOVZTUTLYLn1A5IVd9j2GRpxIj7z/hnfXEbQuHmdriGm+jEqG8gVhngWkDLj5mZh5Fe7dmEf A2iyME5EvNzqCrM+5CBYZqRXtPFYLVGvPIhLiczYC1VFKoaoovzCzU+fzQ4tPAnV658FdiZ6rTw6 
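Review bot: The added `check_table_access(thd, DELETE_ACL, &tables, 1, FALSE)` call carries no comment, so nothing at the call site records that it is the authorization gate for UNINSTALL PLUGIN or that it is meant to run before `open_ltable()` takes the write lock. I would add above it `/* UNINSTALL removes the plugin's row from mysql.plugin: require DELETE on that table before opening it. */`. Because the gate is an ordinary table privilege, any account that holds DELETE on mysql.plugin (presumably also through a wider grant) can unload a plugin, and the function's header comment is a good place to say so for operators who audit grants. mysql_uninstall_plugin starts and ends outside the hunk, so whether any other path reaches the removal without this check cannot be judged from the lines shown.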
QNTcW6lLn1npzPE1GjNXqtkOCsHzKiZWfqMKqz1ME/ibROVFZvIF5cfWRHh6EC4FWkpDFdp+CF+V JW2Ya5lxWZUiWuvIzyUVJxXjFp3sNTJcTsC7rWqZbwDV3QVGJyCffxMoSKhYwelEpZXSENOjiIpr EEauiPqcWhZEqcTGK4RGKSo0MSZEzXmvsWAosXV5wouWF8iCdEpylQWBoyJYOM6vVGQYdnrxzMUK 6HN1FKoQbmpOd0brIg6YjpC8ltjGk+/8w2bYmk0ddIpF1ugTVJgXn4c4BHHacz0Dd2rYYfZgYTI4 cuiIxsP5NH83oo4brfjQYh7NWhuqsoK0fbWQ1FL0a2lsGF7iZFIWCpENH8JiEEe0Bl4iITw2E0Po tRBSIYDhYERODBW5TkBQCiDbA2TxByszYsNCIhlRYnkwZIjkOLghUqWnoKhry1giOfTBgPG3CJIq D9HrKZpGkApC5igzJKvDbdRk1vPsAfNw0pk4GQQJL8KBztXByrZLj0niC2nvPAjEeR9iowGB1n9B SO8oOaf6YevxO5xQdmLwTEdyUPED+sTUTfRBT9MvThuxBfJCh9Kbh6lBikMzheko1HohV7y8OPUc OKT1MWY3kJGPMo4YhLaAujKUvLc137/nnGKgxCw5mLpgNAxF1EIxqU4EpkUZj1Pzcr7Kfw/P5bLc FXS6knuAIkmNlQPJG+sevm7uP9vwc6gyRhzJ2rzNTseRmrxTNxbe0xWFOB7GTfMCbiOEwSGQ71eH IC4py4WUBfUUCY/VSK8t1q5K8+xpRi4ylH3qRDkWI8GDZmUVKmyWdwvJZUF/L7g9RUnT40uEvdgI pNaY4l55qCuRRt7OhXHc+xAQUPXfI++RSSL0mWhKHX7wCFLBmmSOSuKNX69Yy2vQLeFaze5x9nFE xDNSquwLtBIyWTA1KDaqp9ebtyTcziPwOESBwRYSIHYqIIYkVo3foHpmHqs0fgaLzPHsRDEZRlb0 pDqjmuw4D5CkkYRAix2LKrCEs6Pa5YZT/aIjVPnBqhGyCinQ17R6qheECbcRnV4E0Yk9y1mrZ4kl FtZwmhEvDVATSpKdUJe4579AMdlV3tfgVd6rON4MIt6J8llIyWbiWlWCQJ+7rxl4xFlfBUj01rCW 8SW3PETnNdcglatMrN2b9w+UIbYcCgJkCGlBaBowwo9Hf5i2AnhrboUdtWkJd3SOwaieELqYFlMJ i0kFSgP3LQXVfb68SVd9p8Z2WIZBKg5YqK7IwVqLENs4mtbTAHIcaYEJJ1iwpKTfihNgVdCIFNvD aVosW0DO0st2LCWJNgNYTr3YOtcKvIZ2At/McOgDZR6CC9EGdMg5uiKXuWJ2mkwvqpwV4F4Bu7Fl 5HG+CXEhijXx5igytiiForYINgUN6OuQe0xrHd2dmGf2M+lnRVgVYJiN5uMe/VV6m/ckoF/VeE3G TdX0gYeidUJd8hynMqBMvBNxNPeAWsoXq1Vs6WRMNO5chfHuCipbrHF3mEWBky+DIrWyOtBHySXx hMZuh0JItsguitOC6tY6MUSSGD0LRS5cOp5I8Ge4B3HVojSNMTWwZYY0oW4Ai4oZjn2c0xpgo7M5 cSuYYkwzHm9hMSwAMAp/YAxtJ+3yBUKOM4LWpa9SqUSBGMI8r53f15NpQ1rO6EmNLOqDVbFwcEhl V4rd+8uT9KOgCUJb1Qu6bjOPzMAzDmolEWXAgNqEHkwYfJaFsWNgCaEKCCLiYEvSYaZxSicUWILx oL9GXgGTciSO0q1m3qUjqrbbpmyo4rMBg6MZFF/xdyRThQkIMeC+MA== --Boundary_(ID_Ix4JKBC0//pyvM8HqK/tCA)--