From: Alexander Nozdrin Date: March 25 2011 4:29pm Subject: Re: bzr commit into mysql-trunk branch (Dmitry.Lenev:3532) Bug#11746602 List-Archive: http://lists.mysql.com/commits/133908 Message-Id: <4D8CC2D6.7000602@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hi, I think the patch is Ok to push. However, please consider addressing of some minor notes below. On 03/25/11 15:51, Dmitry Lenev wrote: > #At file:///home/dlenev/src/bzr/mysql-trunk-bug27480-2/ based on revid:alexander.nozdrin@stripped > > 3532 Dmitry Lenev 2011-03-25 > Patch for Bug#11746602 (27480: Extend CREATE TEMPORARY TABLES > privilege to allow temp table operations). > > The idea of this patch is to allow any relevant operation > on a temporary table which already exists. Creation of > temporary table still requires CREATE TEMPORARY TABLES > privilege on database in which this table to be created. Should we describe the problem? > @ sql/sql_parse.cc > - Now we pre-open temporary tables for DROP TABLE and HANDLER > OPEN statements. This allows correctly handle (i.e. ignore) > privilege checks in cases when we are goign to drop or open s/goign/going/ > === modified file 'mysql-test/t/grant2.test' > --- a/mysql-test/t/grant2.test 2010-08-09 08:32:50 +0000 > +++ b/mysql-test/t/grant2.test 2011-03-25 12:51:00 +0000 ... > +--echo ########################################################################### > +--echo # - Check that even having all privileges but CREATE_TMP_ACL is not enough > +--echo # to create temporary tables. > +--echo # - Check that creation/working with temporary tables is possible via > +--echo # SUID-stored-routines. > +--echo # - Check that even outside of SUID context we can access temporary > +--echo # table once it is created. 
> +--echo ########################################################################### > + > +--echo > +--echo # -- connect con2, mysqltest_u2@localhost, mysqltest_db1 > +--connect (con2,localhost,mysqltest_u2,,mysqltest_db1) > + > +--error ER_DBACCESS_DENIED_ERROR > +CREATE TEMPORARY TABLE t2(a INT); > + > +CALL p1(); > + > +CALL p2(); > + > +CALL p3(); > + > +--echo # Check that once table is created it can be accessed even > +--echo # outside of such a SUID context. > +INSERT INTO t4 VALUES (4); > +UPDATE t4 SET x = 10 WHERE x = 1; > +DELETE FROM t4 WHERE x< 3; > +SELECT * FROM t4 ORDER BY x; > +DROP TEMPORARY TABLE t4; > + > +--echo ########################################################################### > +--echo # - Check that once table is created it can be accessed from within any > +--echo # context. > +--echo ########################################################################### > + > +--echo > +--echo # -- connect con3, mysqltest_u4@localhost, mysqltest_db1 > +--connect (con3,localhost,mysqltest_u4,,mysqltest_db1) > + > +CALL p1(); > +INSERT INTO t4 VALUES (4); > +UPDATE t4 SET x = 10 WHERE x = 1; > +DELETE FROM t4 WHERE x< 3; > +SELECT * FROM t4 ORDER BY x; > +DROP TEMPORARY TABLE t4; > + I wanted to ask that before, but forgot ;( Why do you meant that "second" check -- what do you mean by "can be access from within any context"? I.e. what's the difference with the previous case/check? Thanks!
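Review bot: In the con3 block of mysql-test/t/grant2.test, the banner "Check that once table is created it can be accessed from within any context" does not say what differs from the con2 block before it, and the statements after CALL p1() are a verbatim copy of the con2 ones. Because the behaviour under test is that privilege checks are skipped for a temporary table that already exists, the echo text should state which privileges mysqltest_u4 holds or lacks compared with mysqltest_u2, so that someone reading the result file can tell which access path each block covers. In the lines quoted here, both blocks also end at DROP TEMPORARY TABLE t4 with nothing afterwards showing that access to the name t4 is checked normally again once the temporary table is gone; a statement preceded by --error after the drop would pin that boundary down.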