List:Commits« Previous MessageNext Message »
From:vasil.dimov Date:August 17 2011 9:39am
Subject:bzr push into mysql-trunk branch (vasil.dimov:3377 to 3378)
View as plain text  
 3378 Vasil Dimov	2011-08-17
      Fix typo in comment

 3377 Alexander Nozdrin	2011-08-17
      A patch for Bug#12771903: User with create temporary tables priv only has full
      access to a regular table.
      The bug was introduced by a patch for Bug 11746602(27480).
        - privileges for underlying tables of a merge table are checked at
          CREATE / ALTER TABLE time;
        - temporary tables shadow regular(base) tables.
      The problem was that only CREATE_TMP_TABLE_ACL was required to create a temporary
      merge table over other temporary tables. That led to security hole:
        - create a temporary merge table over the temporary tables, shadowing base tables;
        - drop the underlying temporary tables;
        - get full access to the base tables through the merge table.
      The fix is to require SELECT, UPDATE, DELETE privileges on base tables
      even if there are temporary tables with the same names.
      Technically, the fix is to remove pre-opening of temporary tables
      in CREATE / ALTER TABLE for merge tables.
      Alternatively, a fix could be to change MERGE tables to remember child
      table types at CREATE TABLE time. This approach was considered and rejected,
      because it requires a lot of changes in MERGE tables -- now child tables are not
      checked at that time.

=== modified file 'storage/innobase/include/trx0sys.h'
--- a/storage/innobase/include/trx0sys.h	revid:alexander.nozdrin@stripped
+++ b/storage/innobase/include/trx0sys.h	revid:vasil.dimov@stripped
@@ -618,7 +618,7 @@ this contains the same fields as TRX_SYS
 /** If this is not yet set to TRX_SYS_DOUBLEWRITE_SPACE_ID_STORED_N,
 we must reset the doublewrite buffer, because starting from 4.1.x the
 space id of a data page is stored into

No bundle (reason: useless for push emails).
bzr push into mysql-trunk branch (vasil.dimov:3377 to 3378) vasil.dimov22 Aug