From: gluh Date: April 28 2007 9:59am Subject: bk commit into 5.1 tree (gluh:1.2489) List-Archive: http://lists.mysql.com/commits/25663 Message-Id: <20070428095907.9321524A0079@eagle.localdomain> Below is the list of changes that have just been committed into a local 5.1 repository of gluh. When gluh does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2007-04-28 14:59:01+05:00, gluh@eagle.(none) +3 -0 Merge mysql.com:/home/gluh/MySQL/Bugs/5.0.27629 into mysql.com:/home/gluh/MySQL/Bugs/5.1.27629 MERGE: 1.1810.2851.2 mysql-test/r/information_schema.result@stripped, 2007-04-28 14:58:59+05:00, gluh@eagle.(none) +0 -0 SCCS merged MERGE: 1.87.1.35 mysql-test/t/information_schema.test@stripped, 2007-04-28 14:58:59+05:00, gluh@eagle.(none) +0 -0 SCCS merged MERGE: 1.65.1.26 sql/sql_show.cc@stripped, 2007-04-28 14:58:59+05:00, gluh@eagle.(none) +0 -0 SCCS merged MERGE: 1.253.51.1 # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: gluh # Host: eagle.(none) # Root: /home/gluh/MySQL/Bugs/5.1.27629/RESYNC --- 1.407/sql/sql_show.cc 2007-04-21 13:20:10 +05:00 +++ 1.408/sql/sql_show.cc 2007-04-28 14:58:59 +05:00 @@ -3105,8 +3105,7 @@ static int get_schema_column_record(THD col_access= get_column_grant(thd, &tables->grant, base_name, file_name, field->field_name) & COL_ACLS; - if (lex->sql_command != SQLCOM_SHOW_FIELDS && - !tables->schema_table && !col_access) + if (!tables->schema_table && !col_access) continue; end= tmp; for (uint bitnr=0; col_access ; col_access>>=1,bitnr++) 
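Review bot: The surviving filter `if (!tables->schema_table && !col_access) continue;` in get_schema_column_record now also governs SHOW COLUMNS, but nothing at that line says the silent skip is a deliberate information-hiding measure. A reader sees only a column disappear from the output, as the updated information_schema.result shows for `b varchar(30)`. I would put a comment above the test, for example `/* Bug#27629: hide columns on which the user holds no column-level privilege, for SHOW COLUMNS as well as INFORMATION_SCHEMA.COLUMNS */`. The `!tables->schema_table` half of the condition still exempts some tables from the filter; why that is safe cannot be seen here and deserves a word in the same comment. The function body starts and ends outside the hunk.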
@@ -3830,6 +3829,11 @@ static int get_schema_triggers_record(TH ulong sql_mode; char definer_holder[USER_HOST_BUFF_SIZE]; LEX_STRING definer_buffer; + +#ifndef NO_EMBEDDED_ACCESS_CHECKS + if (!(thd->security_ctx->master_access & SUPER_ACL)) + continue; +#endif definer_buffer.str= definer_holder; if (triggers->get_trigger_info(thd, (enum trg_event_type) event, (enum trg_action_time_type)timing, --- 1.151/mysql-test/r/information_schema.result 2007-04-06 16:53:01 +05:00 +++ 1.152/mysql-test/r/information_schema.result 2007-04-28 14:58:59 +05:00 @@ -196,7 +196,6 @@ t1 a select show columns from mysqltest.t1; Field Type Null Key Default Extra a int(11) YES NULL -b varchar(30) YES MUL NULL select table_name, column_name, privileges from information_schema.columns where table_schema = 'mysqltest' and table_name = 'v1'; table_name column_name privileges 
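Review bot: The new test `thd->security_ctx->master_access & SUPER_ACL` in get_schema_triggers_record gates trigger visibility on the global SUPER privilege alone. If this 5.1 tree already has a table-level trigger privilege (not visible on this page), users who own triggers without SUPER would get an empty SHOW TRIGGERS for their own tables, so it is worth confirming the check is intended for 5.1 and not only inherited from the 5.0 merge. The condition depends on nothing the loop changes, yet it sits behind a `continue` and is re-evaluated on every iteration; testing it once before the enclosing loop, which starts outside this hunk, would state the intent more directly. Either way the line needs a comment, presumably along the lines of `/* Bug#27629: a trigger body can name columns the user may not read, so only SUPER sees triggers */`.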
@@ -1399,6 +1398,31 @@ TABLE_PRIVILEGES information_schema.TABL TRIGGERS information_schema.TRIGGERS 1 USER_PRIVILEGES information_schema.USER_PRIVILEGES 1 VIEWS information_schema.VIEWS 1 +create database mysqltest; +create table mysqltest.t1(a int, b int, c int); +create trigger mysqltest.t1_ai after insert on mysqltest.t1 +for each row set @a = new.a + new.b + new.c; +grant select(b) on mysqltest.t1 to mysqltest_1@localhost; +select trigger_name from information_schema.triggers +where event_object_table='t1'; +trigger_name +t1_ai +show triggers from mysqltest; +Trigger Event Table Statement Timing Created sql_mode Definer +t1_ai INSERT t1 set @a = new.a + new.b + new.c AFTER NULL root@localhost +show columns from t1; +Field Type Null Key Default Extra +b int(11) YES NULL +select column_name from information_schema.columns where table_name='t1'; +column_name +b +show triggers; +Trigger Event Table Statement Timing Created sql_mode Definer +select trigger_name from information_schema.triggers +where event_object_table='t1'; +trigger_name +drop user mysqltest_1@localhost; +drop database mysqltest; End of 5.0 tests. select * from information_schema.engines WHERE ENGINE="MyISAM"; ENGINE SUPPORT COMMENT TRANSACTIONS XA SAVEPOINTS --- 1.98/mysql-test/t/information_schema.test 2007-04-06 01:38:54 +05:00 +++ 1.99/mysql-test/t/information_schema.test 2007-04-28 14:58:59 +05:00 
@@ -1024,6 +1024,32 @@ where t.table_schema = 'information_sche group by c2.column_type order by num limit 1) group by t.table_name order by num1, t.table_name; + +# +# Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements +# + +create database mysqltest; +create table mysqltest.t1(a int, b int, c int); +create trigger mysqltest.t1_ai after insert on mysqltest.t1 + for each row set @a = new.a + new.b + new.c; +grant select(b) on mysqltest.t1 to mysqltest_1@localhost; + +select trigger_name from information_schema.triggers +where event_object_table='t1'; +show triggers from mysqltest; + +connect (con27629,localhost,mysqltest_1,,mysqltest); +show columns from t1; +select column_name from information_schema.columns where table_name='t1'; + +show triggers; +select trigger_name from information_schema.triggers +where event_object_table='t1'; +connection default; +drop user mysqltest_1@localhost; +drop database mysqltest; + --echo End of 5.0 tests. # # Show engines
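Review bot: The test opens `con27629` and switches back with `connection default;` but never closes it, so `drop user mysqltest_1@localhost;` runs while that account still has a live session. Adding `disconnect con27629;` right after `connection default;` keeps the session from leaking into the tests that follow in this file. The two `information_schema.triggers` queries and the `information_schema.columns` query filter on the table name `t1` only; adding `and trigger_schema='mysqltest'` and `and table_schema='mysqltest'` respectively would keep the expected output stable if another schema ever holds a table named t1.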