Below is the list of changes that have just been committed into a local
5.0 repository of gluh. When gluh does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2007-08-20 11:23:08+05:00, gluh@stripped +4 -0
Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements
added SUPER_ACL check for I_S.TRIGGERS
mysql-test/r/information_schema.result@stripped, 2007-08-20 11:23:06+05:00, gluh@stripped +25 -1
result fix
mysql-test/r/information_schema_db.result@stripped, 2007-08-20 11:23:06+05:00, gluh@stripped +0 -2
result fix
mysql-test/t/information_schema.test@stripped, 2007-08-20 11:23:06+05:00, gluh@stripped +26 -0
test case
sql/sql_show.cc@stripped, 2007-08-20 11:23:06+05:00, gluh@stripped +8 -2
added SUPER_ACL check for I_S.TRIGGERS
diff -Nrup a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result
--- a/mysql-test/r/information_schema.result 2007-07-12 02:10:26 +05:00
+++ b/mysql-test/r/information_schema.result 2007-08-20 11:23:06 +05:00
@@ -180,7 +180,6 @@ t1 a select
show columns from mysqltest.t1;
Field Type Null Key Default Extra
a int(11) YES NULL
-b varchar(30) YES MUL NULL
select table_name, column_name, privileges from information_schema.columns
where table_schema = 'mysqltest' and table_name = 'v1';
table_name column_name privileges
@@ -1330,4 +1329,29 @@ alter database;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
alter database test;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
+create database mysqltest;
+create table mysqltest.t1(a int, b int, c int);
+create trigger mysqltest.t1_ai after insert on mysqltest.t1
+for each row set @a = new.a + new.b + new.c;
+grant select(b) on mysqltest.t1 to mysqltest_1@localhost;
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+trigger_name
+t1_ai
+show triggers from mysqltest;
+Trigger Event Table Statement Timing Created sql_mode Definer
+t1_ai INSERT t1 set @a = new.a + new.b + new.c AFTER NULL root@localhost
+show columns from t1;
+Field Type Null Key Default Extra
+b int(11) YES NULL
+select column_name from information_schema.columns where table_name='t1';
+column_name
+b
+show triggers;
+Trigger Event Table Statement Timing Created sql_mode Definer
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+trigger_name
+drop user mysqltest_1@localhost;
+drop database mysqltest;
End of 5.0 tests.
diff -Nrup a/mysql-test/r/information_schema_db.result b/mysql-test/r/information_schema_db.result
--- a/mysql-test/r/information_schema_db.result 2007-03-23 22:24:01 +04:00
+++ b/mysql-test/r/information_schema_db.result 2007-08-20 11:23:06 +05:00
@@ -140,13 +140,11 @@ create view v2 as select f1 from testdb_
create view v4 as select f1,f2 from testdb_1.v3;
show fields from testdb_1.v5;
Field Type Null Key Default Extra
-f1 char(4) YES NULL
show create view testdb_1.v5;
View Create View
v5 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_1`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v5` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1`
show fields from testdb_1.v6;
Field Type Null Key Default Extra
-f1 char(4) YES NULL
show create view testdb_1.v6;
View Create View
v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v6` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1`
diff -Nrup a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test
--- a/mysql-test/t/information_schema.test 2007-07-12 02:10:26 +05:00
+++ b/mysql-test/t/information_schema.test 2007-08-20 11:23:06 +05:00
@@ -1045,4 +1045,30 @@ drop table t1,t2;
alter database;
--error ER_PARSE_ERROR
alter database test;
+
+#
+# Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements
+#
+
+create database mysqltest;
+create table mysqltest.t1(a int, b int, c int);
+create trigger mysqltest.t1_ai after insert on mysqltest.t1
+ for each row set @a = new.a + new.b + new.c;
+grant select(b) on mysqltest.t1 to mysqltest_1@localhost;
+
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+show triggers from mysqltest;
+
+connect (con27629,localhost,mysqltest_1,,mysqltest);
+show columns from t1;
+select column_name from information_schema.columns where table_name='t1';
+
+show triggers;
+select trigger_name from information_schema.triggers
+where event_object_table='t1';
+connection default;
+drop user mysqltest_1@localhost;
+drop database mysqltest;
+
--echo End of 5.0 tests.
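Review bot: The new case only exercises the restricted path with a user holding a single column grant (`grant select(b)`), so it does not pin down that trigger visibility is gated on SUPER rather than on table or column privileges. A second account with full table-level privileges on `mysqltest.t1` but without SUPER, running the same `show triggers` and `information_schema.triggers` queries, would make the intended rule explicit in the recorded result. Separately, the connection opened with `connect (con27629,...)` is never closed; adding `disconnect con27629;` after `connection default;` keeps the session from lingering while `drop user` runs.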
diff -Nrup a/sql/sql_show.cc b/sql/sql_show.cc
--- a/sql/sql_show.cc 2007-07-28 17:01:43 +05:00
+++ b/sql/sql_show.cc 2007-08-20 11:23:06 +05:00
@@ -2684,8 +2684,7 @@ static int get_schema_column_record(THD
col_access= get_column_grant(thd, &tables->grant,
base_name, file_name,
field->field_name) & COL_ACLS;
- if (lex->orig_sql_command != SQLCOM_SHOW_FIELDS &&
- !tables->schema_table && !col_access)
+ if (!tables->schema_table && !col_access)
continue;
end= tmp;
for (uint bitnr=0; col_access ; col_access>>=1,bitnr++)
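Review bot: The simplified condition `if (!tables->schema_table && !col_access)` now silently drops columns for SHOW COLUMNS as well, and nothing at the call site says that this is deliberate. The updated information_schema_db.result shows `show fields from testdb_1.v5` returning an empty set with no error or warning, which a later reader could easily mistake for a regression. A short comment above the test would help, for example `/* Hide columns the user has no column-level privilege on; applies to SHOW COLUMNS too (Bug#27629) */`. The enclosing get_schema_column_record body starts and ends outside this hunk.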
@@ -3381,6 +3380,12 @@ static int get_schema_triggers_record(TH
{
Table_triggers_list *triggers= tables->table->triggers;
int event, timing;
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ if (!(thd->security_ctx->master_access & SUPER_ACL))
+ goto ret;
+#endif
+
for (event= 0; event < (int)TRG_EVENT_MAX; event++)
{
for (timing= 0; timing < (int)TRG_ACTION_MAX; timing++)
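Review bot: The SUPER_ACL guard has no comment explaining why a global privilege gates a per-table listing, so a reader cannot tell whether hiding triggers from users who hold table-level privileges is intended. Judging by the test case, the reason is presumably that the trigger statement can name columns the user may not read; a comment such as `/* Trigger bodies can expose columns the user cannot read; list triggers only for SUPER users (Bug#27629) */` above the `#ifndef` would record that. The guard also reads only `master_access` and returns an empty result without a warning, which is worth stating in the same comment. As a smaller point, `goto ret;` could simply be `DBUG_RETURN(0);`, which would avoid the `ret:` label added in the last hunk being left unused when NO_EMBEDDED_ACCESS_CHECKS is defined. The function body starts outside this hunk.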
@@ -3407,6 +3412,7 @@ static int get_schema_triggers_record(TH
}
}
}
+ret:
DBUG_RETURN(0);
}