List:Commits« Previous MessageNext Message »
From:Alexander Nozdrin Date:March 27 2009 6:36pm
Subject:bzr commit into mysql-6.0 branch (alik:2753) Bug#38347
View as plain text  
#At file:///mnt/raid/alik/MySQL/bzr/00.builds/6.0-rt/ based on revid:alik@stripped

 2753 Alexander Nozdrin	2009-03-27
      Additional patch for Bug#38347 (ALTER ROUTINE privilege
      allows SHOW CREATE TABLE).
      The problem was that information_schema.test,
      information_schema_parameters.test and information_schema_routines.test
      failed with the first patch. That happened due to limitation in check_access():
      it allows only SELECT_ACL privilege for INFORMATION_SCHEMA tables.
      The patch is to request only SELECT_ACL privilege for INFORMATION_SCHEMA tables.

=== modified file 'sql/'
--- a/sql/	2009-03-26 06:08:24 +0000
+++ b/sql/	2009-03-27 18:36:34 +0000
@@ -2901,7 +2901,20 @@ ddl_blocker_err:
         ulong save_priv;
-        if (check_access(thd, SHOW_CREATE_TABLE_ACLS, first_table->db,
+        /*
+          If it is an INFORMATION_SCHEMA table, SELECT_ACL privilege is the
+          only privilege allowed. For any other privilege check_access()
+          reports an error. That's how internal implementation protects
+          INFORMATION_SCHEMA from updates.
+          For ordinary tables any privilege from the SHOW_CREATE_TABLE_ACLS
+          set is sufficient.
+        */
+        ulong check_privs= test(first_table->schema_table) ?
+                           SELECT_ACL : SHOW_CREATE_TABLE_ACLS;
+        if (check_access(thd, check_privs, first_table->db,
                          &save_priv, FALSE, FALSE,
           goto error;

Attachment: [text/bzr-bundle] bzr/
bzr commit into mysql-6.0 branch (alik:2753) Bug#38347Alexander Nozdrin27 Mar