List: Commits
From: Alexander Nozdrin
Date: March 27 2009 6:36pm
Subject: bzr commit into mysql-6.0 branch (alik:2753) Bug#38347
#At file:///mnt/raid/alik/MySQL/bzr/00.builds/6.0-rt/ based on revid:alik@stripped

 2753 Alexander Nozdrin	2009-03-27
      Additional patch for Bug#38347 (ALTER ROUTINE privilege
      allows SHOW CREATE TABLE).
      
      The problem was that information_schema.test,
      information_schema_parameters.test and information_schema_routines.test
      failed with the first patch. That happened due to a limitation in check_access():
      it allows only the SELECT_ACL privilege for INFORMATION_SCHEMA tables.
      
      The patch is to request only the SELECT_ACL privilege for INFORMATION_SCHEMA tables.

    modified:
      sql/sql_parse.cc
=== modified file 'sql/sql_parse.cc'
--- a/sql/sql_parse.cc	2009-03-26 06:08:24 +0000
+++ b/sql/sql_parse.cc	2009-03-27 18:36:34 +0000
@@ -2901,7 +2901,20 @@ ddl_blocker_err:
       {
         ulong save_priv;
 
-        if (check_access(thd, SHOW_CREATE_TABLE_ACLS, first_table->db,
+        /*
+          If it is an INFORMATION_SCHEMA table, SELECT_ACL privilege is the
+          only privilege allowed. For any other privilege check_access()
+          reports an error. That's how internal implementation protects
+          INFORMATION_SCHEMA from updates.
+
+          For ordinary tables any privilege from the SHOW_CREATE_TABLE_ACLS
+          set is sufficient.
+        */
+
+        ulong check_privs= test(first_table->schema_table) ?
+                           SELECT_ACL : SHOW_CREATE_TABLE_ACLS;
+
+        if (check_access(thd, check_privs, first_table->db,
                          &save_priv, FALSE, FALSE,
                          test(first_table->schema_table)))
           goto error;
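
Review bot: test(first_table->schema_table) is now evaluated twice in this hunk, once in the check_privs initializer and again as the last argument of check_access(). Hoist it into a single local (for example a const bool named is_schema_table, a name suggested here, not one from the tree) and use it in both places, so the privilege mask and the schema-table flag passed to check_access() cannot drift apart in a later edit. The new comment would also benefit from stating that requesting anything other than SELECT_ACL is what made information_schema.test, information_schema_parameters.test and information_schema_routines.test fail, so the special case is not later removed as redundant.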


Attachment: [text/bzr-bundle] bzr/alik@sun.com-20090327183634-l1qrx9tu6cqf0o8a.bundle