List:Commits« Previous MessageNext Message »
From:Alexander Nozdrin Date:March 25 2011 4:29pm
Subject:Re: bzr commit into mysql-trunk branch (Dmitry.Lenev:3532) Bug#11746602
View as plain text  
Hi,

I think the patch is Ok to push. However, please consider addressing
of some minor notes below.

On 03/25/11 15:51, Dmitry Lenev wrote:
> #At file:///home/dlenev/src/bzr/mysql-trunk-bug27480-2/ based on
> revid:alexander.nozdrin@stripped
> 
>   3532 Dmitry Lenev	2011-03-25
>        Patch for Bug#11746602 (27480: Extend CREATE TEMPORARY TABLES
>        privilege to allow temp table operations).
> 
>        The idea of this patch is to allow any relevant operation
>        on a temporary table which already exists. Creation of
>        temporary table still requires CREATE TEMPORARY TABLES
>        privilege on database in which this table to be created.

Should we describe the problem?

>       @ sql/sql_parse.cc
>          - Now we pre-open temporary tables for DROP TABLE and HANDLER
>            OPEN statements. This allows correctly handle (i.e. ignore)
>            privilege checks in cases when we are goign to drop or open

s/goign/going/

> === modified file 'mysql-test/t/grant2.test'
> --- a/mysql-test/t/grant2.test	2010-08-09 08:32:50 +0000
> +++ b/mysql-test/t/grant2.test	2011-03-25 12:51:00 +0000
...
> +--echo ###########################################################################
> +--echo # - Check that even having all privileges but CREATE_TMP_ACL is not enough
> +--echo #   to create temporary tables.
> +--echo # - Check that creation/working with temporary tables is possible via
> +--echo #   SUID-stored-routines.
> +--echo # - Check that even outside of SUID context we can access temporary
> +--echo #   table once it is created.
> +--echo ###########################################################################
> +
> +--echo
> +--echo # -- connect con2, mysqltest_u2@localhost, mysqltest_db1
> +--connect (con2,localhost,mysqltest_u2,,mysqltest_db1)
> +
> +--error ER_DBACCESS_DENIED_ERROR
> +CREATE TEMPORARY TABLE t2(a INT);
> +
> +CALL p1();
> +
> +CALL p2();
> +
> +CALL p3();
> +
> +--echo # Check that once table is created it can be accessed even
> +--echo # outside of such a SUID context.
> +INSERT INTO t4 VALUES (4);
> +UPDATE t4 SET x = 10 WHERE x = 1;
> +DELETE FROM t4 WHERE x<  3;
> +SELECT * FROM t4 ORDER BY x;
> +DROP TEMPORARY TABLE t4;
> +
> +--echo ###########################################################################
> +--echo # - Check that once table is created it can be accessed from within any
> +--echo #   context.
> +--echo ###########################################################################
> +
> +--echo
> +--echo # -- connect con3, mysqltest_u4@localhost, mysqltest_db1
> +--connect (con3,localhost,mysqltest_u4,,mysqltest_db1)
> +
> +CALL p1();
> +INSERT INTO t4 VALUES (4);
> +UPDATE t4 SET x = 10 WHERE x = 1;
> +DELETE FROM t4 WHERE x<  3;
> +SELECT * FROM t4 ORDER BY x;
> +DROP TEMPORARY TABLE t4;
> +

I wanted to ask that before, but forgot ;(

Why do you meant that "second" check -- what do you mean by "can be
access from within any context"? I.e. what's the difference with the
previous case/check?

Thanks!
Thread
bzr commit into mysql-trunk branch (Dmitry.Lenev:3532) Bug#11746602Dmitry Lenev25 Mar
  • Re: bzr commit into mysql-trunk branch (Dmitry.Lenev:3532) Bug#11746602Alexander Nozdrin25 Mar