From:Davi Arnaut Date:March 9 2010 12:16pm
Subject:bzr commit into mysql-5.1-bugteam branch (davi:3375) Bug#51770
# At a local mysql-5.1-bugteam repository of davi

 3375 Davi Arnaut	2010-03-09
      Bug#51770: UNINSTALL PLUGIN requires no privileges
      
      The problem was that UNINSTALL PLUGIN wasn't performing privilege
      checks before removing a plugin. Any user (including users without 
      any kind of privileges) could uninstall any plugin.
      
      The solution is to verify if the user has the DELETE privilege for
      the mysql.plugin table before uninstalling a plugin.
     @ mysql-test/r/plugin_not_embedded.result
        Add test case result for Bug#51770.
     @ mysql-test/t/plugin_not_embedded-master.opt
        Add example plugin path.
     @ mysql-test/t/plugin_not_embedded.test
        Add test case for Bug#51770.
        Skip embedded as test relies on privileges checks.

    added:
      mysql-test/r/plugin_not_embedded.result
      mysql-test/t/plugin_not_embedded-master.opt
      mysql-test/t/plugin_not_embedded.test
    modified:
      sql/sql_plugin.cc
=== added file 'mysql-test/r/plugin_not_embedded.result'
--- a/mysql-test/r/plugin_not_embedded.result	1970-01-01 00:00:00 +0000
+++ b/mysql-test/r/plugin_not_embedded.result	2010-03-09 12:16:17 +0000
@@ -0,0 +1,11 @@
+#
+# Bug#51770: UNINSTALL PLUGIN requires no privileges
+#
+GRANT INSERT ON mysql.plugin TO bug51770@localhost;
+INSTALL PLUGIN example SONAME 'ha_example.so';
+UNINSTALL PLUGIN example;
+ERROR 42000: DELETE command denied to user 'bug51770'@'localhost' for table 'plugin'
+GRANT DELETE ON mysql.plugin TO bug51770@localhost;
+FLUSH PRIVILEGES;
+UNINSTALL PLUGIN example;
+DROP USER bug51770@localhost;

=== added file 'mysql-test/t/plugin_not_embedded-master.opt'
--- a/mysql-test/t/plugin_not_embedded-master.opt	1970-01-01 00:00:00 +0000
+++ b/mysql-test/t/plugin_not_embedded-master.opt	2010-03-09 12:16:17 +0000
@@ -0,0 +1 @@
+$EXAMPLE_PLUGIN_OPT

=== added file 'mysql-test/t/plugin_not_embedded.test'
--- a/mysql-test/t/plugin_not_embedded.test	1970-01-01 00:00:00 +0000
+++ b/mysql-test/t/plugin_not_embedded.test	2010-03-09 12:16:17 +0000
@@ -0,0 +1,20 @@
+--source include/not_embedded.inc
+--source include/have_example_plugin.inc
+
+--echo #
+--echo # Bug#51770: UNINSTALL PLUGIN requires no privileges
+--echo #
+
+GRANT INSERT ON mysql.plugin TO bug51770@localhost;
+connect(con1,localhost,bug51770,,);
+eval INSTALL PLUGIN example SONAME $HA_EXAMPLE_SO;
+--error ER_TABLEACCESS_DENIED_ERROR
+UNINSTALL PLUGIN example;
+connection default;
+GRANT DELETE ON mysql.plugin TO bug51770@localhost;
+FLUSH PRIVILEGES;
+connection con1;
+UNINSTALL PLUGIN example;
+disconnect con1;
+connection default;
+DROP USER bug51770@localhost;
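Review bot: The denied `UNINSTALL PLUGIN example;` is only checked for its error code, so the test never confirms that the plugin stayed registered after the rejection. A check on the default connection right after the first `connection default;`, for example `SELECT COUNT(*) FROM mysql.plugin WHERE name='example';`, would pin that the denial left the table untouched; the `.result` file would need the matching output. The test covers only the table-level grant, so a comment saying that database-level and global DELETE are not exercised here would help the next reader.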

=== modified file 'sql/sql_plugin.cc'
--- a/sql/sql_plugin.cc	2009-12-18 19:14:09 +0000
+++ b/sql/sql_plugin.cc	2010-03-09 12:16:17 +0000
@@ -1736,6 +1736,8 @@ bool mysql_uninstall_plugin(THD *thd, co
   bzero(&tables, sizeof(tables));
   tables.db= (char *)"mysql";
   tables.table_name= tables.alias= (char *)"plugin";
+  if (check_table_access(thd, DELETE_ACL, &tables, 1, FALSE))
+    DBUG_RETURN(TRUE);
 
   /* need to open before acquiring LOCK_plugin or it will deadlock */
   if (! (table= open_ltable(thd, &tables, TL_WRITE, 0)))
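Review bot: The new `check_table_access(thd, DELETE_ACL, &tables, 1, FALSE)` call has no comment explaining why DELETE on `mysql.plugin` is the authorisation gate for unloading a plugin. The choice is not obvious from this hunk alone; the test's `GRANT INSERT` suggests INSTALL PLUGIN is gated on INSERT in the same way, though that code is not visible here. I would add `/* UNINSTALL PLUGIN removes a row from mysql.plugin: require DELETE on it before touching the table or LOCK_plugin */` above the check, and keep a blank line between the `tables` setup and the check. The commit message says the embedded test is skipped because it relies on privilege checks, so the comment could also note that the guard presumably has no effect in embedded builds. The body of `mysql_uninstall_plugin` starts and ends outside the hunk, so I cannot tell whether anything before line 1736 already acts on the plugin.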


Attachment: [text/bzr-bundle] bzr/davi.arnaut@sun.com-20100309121617-7lro71taeva4s3a0.bundle