From:gluh Date:April 28 2007 9:51am
Subject:bk commit into 5.0 tree (gluh:1.2457) BUG#27629
Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-04-28 14:51:49+05:00, gluh@stripped +3 -0
  Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements
  added SUPER_ACL check for I_S.TRIGGERS

  mysql-test/r/information_schema.result@stripped, 2007-04-28 14:51:47+05:00, gluh@stripped +25 -1
    test result

  mysql-test/t/information_schema.test@stripped, 2007-04-28 14:51:47+05:00, gluh@stripped +26 -0
    test case

  sql/sql_show.cc@stripped, 2007-04-28 14:51:47+05:00, gluh@stripped +6 -2
    added SUPER_ACL check for I_S.TRIGGERS
     

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	gluh
# Host:	eagle.(none)
# Root:	/home/gluh/MySQL/Bugs/5.0.27629

--- 1.345/sql/sql_show.cc	2007-03-27 20:34:13 +05:00
+++ 1.346/sql/sql_show.cc	2007-04-28 14:51:47 +05:00
@@ -2669,8 +2669,7 @@ static int get_schema_column_record(THD 
     col_access= get_column_grant(thd, &tables->grant, 
                                  base_name, file_name,
                                  field->field_name) & COL_ACLS;
-    if (lex->orig_sql_command != SQLCOM_SHOW_FIELDS  && 
-        !tables->schema_table && !col_access)
+    if (!tables->schema_table && !col_access)
       continue;
     end= tmp;
     for (uint bitnr=0; col_access ; col_access>>=1,bitnr++)
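Review bot: The rewritten test `if (!tables->schema_table && !col_access)` now also drops unprivileged columns from SHOW COLUMNS output, but neither a comment at this line nor the changeset comment for sql_show.cc (which mentions only I_S.TRIGGERS) records that. A comment above the test would state the intent, e.g. `/* Skip columns the user holds no column-level privilege on; applies to SHOW COLUMNS as well as I_S.COLUMNS (Bug#27629) */`. The same comment should say why rows are exempt when `tables->schema_table` is set, since that is the one remaining path where a column with zero `col_access` is still listed. The body of get_schema_column_record starts and ends outside the hunk.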
@@ -3345,6 +3344,11 @@ static int get_schema_triggers_record(TH
         ulong sql_mode;
         char definer_holder[USER_HOST_BUFF_SIZE];
         LEX_STRING definer_buffer;
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+        if (!(thd->security_ctx->master_access & SUPER_ACL))
+          continue;
+#endif
         definer_buffer.str= definer_holder;
         if (triggers->get_trigger_info(thd, (enum trg_event_type) event,
                                        (enum trg_action_time_type)timing,
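Review bot: The SUPER_ACL test added after the declarations reads only `thd->security_ctx->master_access`, which nothing visible in the loop body changes, so it is re-evaluated and `continue`d on every pass; if that holds for the rest of the loop, testing it once before the loop would avoid walking the triggers for a caller who can never see them. The check also has no comment explaining why a global privilege gates these rows rather than a per-table one; something like `/* Trigger definitions are listed only for users with SUPER (Bug#27629) */` would make the policy reviewable. With NO_EMBEDDED_ACCESS_CHECKS defined the filter compiles out entirely, which looks intentional but is worth stating in the same comment. The enclosing loop and the body of get_schema_triggers_record start and end outside the hunk.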

--- 1.121/mysql-test/r/information_schema.result	2007-03-27 21:31:42 +05:00
+++ 1.122/mysql-test/r/information_schema.result	2007-04-28 14:51:47 +05:00
@@ -180,7 +180,6 @@ t1	a	select
 show columns from mysqltest.t1;
 Field	Type	Null	Key	Default	Extra
 a	int(11)	YES		NULL	
-b	varchar(30)	YES	MUL	NULL	
 select table_name, column_name, privileges from information_schema.columns
 where table_schema = 'mysqltest' and table_name = 'v1';
 table_name	column_name	privileges
@@ -1315,3 +1314,28 @@ TABLE_PRIVILEGES	information_schema.TABL
 TRIGGERS	information_schema.TRIGGERS	1
 USER_PRIVILEGES	information_schema.USER_PRIVILEGES	1
 VIEWS	information_schema.VIEWS	1
+create database mysqltest;
+create table mysqltest.t1(a int, b int, c int);
+create trigger mysqltest.t1_ai after insert on mysqltest.t1
+for each row set @a = new.a + new.b + new.c;
+grant select(b) on mysqltest.t1 to mysqltest_1@localhost;
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+trigger_name
+t1_ai
+show triggers from mysqltest;
+Trigger	Event	Table	Statement	Timing	Created	sql_mode	Definer
+t1_ai	INSERT	t1	set @a = new.a + new.b + new.c	AFTER	NULL		root@localhost
+show columns from t1;
+Field	Type	Null	Key	Default	Extra
+b	int(11)	YES		NULL	
+select column_name from information_schema.columns where table_name='t1';
+column_name
+b
+show triggers;
+Trigger	Event	Table	Statement	Timing	Created	sql_mode	Definer
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+trigger_name
+drop user mysqltest_1@localhost;
+drop database mysqltest;

--- 1.90/mysql-test/t/information_schema.test	2007-02-12 16:06:12 +04:00
+++ 1.91/mysql-test/t/information_schema.test	2007-04-28 14:51:47 +05:00
@@ -1023,4 +1023,30 @@ where t.table_schema = 'information_sche
           group by c2.column_type order by num limit 1)
 group by t.table_name order by num1, t.table_name;
 
+
+#
+# Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements
+#
+
+create database mysqltest;
+create table mysqltest.t1(a int, b int, c int);
+create trigger mysqltest.t1_ai after insert on mysqltest.t1
+  for each row set @a = new.a + new.b + new.c;
+grant select(b) on mysqltest.t1 to mysqltest_1@localhost;
+
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+show triggers from mysqltest;
+
+connect (con27629,localhost,mysqltest_1,,mysqltest);
+show columns from t1;
+select column_name from information_schema.columns where table_name='t1';
+
+show triggers;
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+connection default;
+drop user mysqltest_1@localhost;
+drop database mysqltest;
+
 # End of 5.0 tests.
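Review bot: The test returns with `connection default;` but never closes con27629, so the mysqltest_1 session is still open when `drop user mysqltest_1@localhost;` runs and can outlive the account into later tests; add `disconnect con27629;` right after `connection default;`. The information_schema queries filter only on `event_object_table='t1'` and `table_name='t1'`, so a `t1` left in another schema by an earlier test would change the recorded result; adding `and event_object_schema='mysqltest'` and `and table_schema='mysqltest'` respectively pins them to this test's table. A short comment before `connect` saying that mysqltest_1 holds only `select(b)` and is expected to see column `b` and no triggers would make the expected result readable without the .result file.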