From:Marc Alff Date:November 4 2009 11:24pm
Subject:bzr commit into mysql-trunk-perfschema branch (marc.alff:2941) Bug#44898
#At file:///home/malff/BZR_TREE/mysql-trunk-perfschema/ based on revid:marc.alff@stripped

 2941 Marc Alff	2009-11-04
      Bug#44898 Performance Schema: can create a table in db performance_schema, cannot insert
      
      Enforced table level privileges for unknown performance_schema.* tables,
      to deny any operation on non performance schema tables.

    modified:
      mysql-test/suite/perfschema/r/misc.result
      mysql-test/suite/perfschema/t/misc.test
      storage/perfschema/pfs_engine_table.cc
      storage/perfschema/pfs_engine_table.h
=== modified file 'mysql-test/suite/perfschema/r/misc.result'
--- a/mysql-test/suite/perfschema/r/misc.result	2009-11-04 01:15:27 +0000
+++ b/mysql-test/suite/perfschema/r/misc.result	2009-11-04 23:24:51 +0000
@@ -9,3 +9,5 @@ create table test.t1(a int) engine=perfo
 ERROR HY000: Invalid performance_schema usage.
 create table test.t1 like performance_schema.EVENTS_WAITS_CURRENT;
 ERROR HY000: Invalid performance_schema usage.
+create table performance_schema.t1(a int);
+ERROR 42000: CREATE command denied to user 'root'@'localhost' for table 't1'

=== modified file 'mysql-test/suite/perfschema/t/misc.test'
--- a/mysql-test/suite/perfschema/t/misc.test	2009-11-04 01:15:27 +0000
+++ b/mysql-test/suite/perfschema/t/misc.test	2009-11-04 23:24:51 +0000
@@ -45,3 +45,10 @@ create table test.t1(a int) engine=perfo
 --error ER_WRONG_PERFSCHEMA_USAGE
 create table test.t1 like performance_schema.EVENTS_WAITS_CURRENT;
 
+#
+# Bug#44898 PerformanceSchema: can create a table in db performance_schema, cannot insert
+#
+
+--error ER_TABLEACCESS_DENIED_ERROR
+create table performance_schema.t1(a int);
+
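Review bot: The new case exercises only `create table` as root, while the commit message promises that any operation on an unknown performance_schema table is denied. Adding a few more statements against a name that is not a known engine table, for instance `drop table performance_schema.t1;` and `alter table performance_schema.t1 add column b int;`, each with its `--error` line taken from an actual run, would pin the deny-all behaviour so that a later relaxation of the ACL shows up as a test failure. A case run as a non-root user holding grants on performance_schema.* would also confirm that grants do not override the internal check; that is presumably the intent, but this test does not show it.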

=== modified file 'storage/perfschema/pfs_engine_table.cc'
--- a/storage/perfschema/pfs_engine_table.cc	2009-10-23 23:09:26 +0000
+++ b/storage/perfschema/pfs_engine_table.cc	2009-11-04 23:24:51 +0000
@@ -331,7 +331,14 @@ PFS_internal_schema_access::lookup(const
   share= PFS_engine_table::find_engine_table_share(name);
   if (share)
     return share->m_acl;
-  return NULL;
+  /*
+    Do not return NULL, it would mean we are not interested
+    in privilege checks for unknown tables.
+    Instead, return an object that denies every actions,
+    to prevent users for creating their own tables in the
+    performance_schema database schema.
+  */
+  return &pfs_unknown_acl;
 }
 
 PFS_internal_schema_access pfs_internal_access;
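Review bot: The new comment in `lookup()` carries the security rationale but has two wording slips, `denies every actions` and `prevent users for creating`; they should read `denies every action` and `prevent users from creating`. It would also help to state the invariant outright, for example `Unknown table names fail closed: every privilege check is denied.`, since the safety of this branch now depends on `find_engine_table_share()` recognising every legitimate table. A table missing from that lookup would, as far as this hunk shows, become inaccessible rather than unchecked. The start of `lookup()` is outside the hunk.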
@@ -408,6 +415,14 @@ PFS_editable_acl::check(ulong want_acces
   return ACL_INTERNAL_ACCESS_CHECK_GRANT;
 }
 
+PFS_unknown_acl pfs_unknown_acl;
+
+ACL_internal_access_result
+PFS_unknown_acl::check(ulong want_access) const
+{
+  return ACL_INTERNAL_ACCESS_DENIED;
+}
+
 /**
   SHOW ENGINE PERFORMANCE_SCHEMA STATUS.
   @param hton               Storage engine handler
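Review bot: `PFS_unknown_acl::check()` ignores `want_access` and denies unconditionally, and nothing at the definition says that this is deliberate. A short doc comment such as `/** Deny every privilege on tables the performance schema does not know about. */` above the function would record it. Two consequences are worth confirming, both inferred rather than visible here: a SELECT on a mistyped table name would presumably report access denied instead of a missing table, and a stray table created before this fix could no longer be dropped through SQL because DROP is denied as well. If either matters, the check would need to inspect `want_access` instead of returning `ACL_INTERNAL_ACCESS_DENIED` for everything.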

=== modified file 'storage/perfschema/pfs_engine_table.h'
--- a/storage/perfschema/pfs_engine_table.h	2009-10-23 23:09:26 +0000
+++ b/storage/perfschema/pfs_engine_table.h	2009-11-04 23:24:51 +0000
@@ -229,6 +229,20 @@ public:
 
 extern PFS_editable_acl pfs_editable_acl;
 
+class PFS_unknown_acl : public ACL_internal_table_access
+{
+public:
+  PFS_unknown_acl()
+  {}
+
+  ~PFS_unknown_acl()
+  {}
+
+  ACL_internal_access_result check(ulong want_access) const;
+};
+
+extern PFS_unknown_acl pfs_unknown_acl;
+
 /** Position of a cursor, for simple iterations. */
 struct PFS_simple_index
 {
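Review bot: `PFS_unknown_acl` is declared without a doc comment, unlike `PFS_simple_index` just below it, which has a `/** ... */` line. Something like `/** Privileges for unknown tables in the performance schema database: every operation is denied. */` above the class would tell readers of the header that this is the deny-all default returned for unrecognised names. The empty constructor and destructor bodies add nothing that the header shows a need for; they may simply mirror the sibling ACL classes declared above this hunk, which are not visible here.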


Attachment: [text/bzr-bundle] bzr/marc.alff@sun.com-20091104232451-icvhovs7q3zjkjyu.bundle