3378 Vasil Dimov 2011-08-17
Fix typo in comment
3377 Alexander Nozdrin 2011-08-17
A patch for Bug#12771903: User with create temporary tables priv only has full
access to a regular table.
The bug was introduced by a patch for Bug 11746602(27480).
- privileges for underlying tables of a merge table are checked at
CREATE / ALTER TABLE time;
- temporary tables shadow regular (base) tables.
The problem was that only CREATE_TMP_TABLE_ACL was required to create a temporary
merge table over other temporary tables. That led to a security hole:
- create a temporary merge table over the temporary tables, shadowing base tables;
- drop the underlying temporary tables;
- get full access to the base tables through the merge table.
The fix is to require SELECT, UPDATE, DELETE privileges on base tables
even if there are temporary tables with the same names.
Technically, the fix is to remove pre-opening of temporary tables
in CREATE / ALTER TABLE for merge tables.
Alternatively, a fix could be to change MERGE tables to remember child
table types at CREATE TABLE time. This approach was considered and rejected,
because it requires a lot of changes in MERGE tables -- now child tables are not
checked at that time.
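A simplified model of the check-time versus use-time mismatch that the commit message for revision 3377 describes. This is an added example, not part of the commit or of MySQL's code; the `Session` class, its methods, the `preopen_temp` switch and the table names `t1` and `m1` are hypothetical.

```python
# Simplified model, not MySQL code. All names here are hypothetical.
NEEDED = {"SELECT", "UPDATE", "DELETE"}  # privileges the fix requires on base tables

class Session:
    def __init__(self, grants):
        self.grants = grants  # {base table: set of privileges}; constructed sample data
        self.temp = set()     # names of this session's temporary tables
        self.merge = {}       # merge table -> child names (child types are not remembered)

    def create_temp(self, name):
        # Only the "create temporary tables" privilege is needed;
        # the new table may shadow a base table of the same name.
        self.temp.add(name)

    def drop_temp(self, name):
        self.temp.discard(name)

    def create_temp_merge(self, name, children, preopen_temp):
        for child in children:
            # Before the fix, temporary tables were pre-opened, so a shadowing
            # temporary table stood in for the base table during the check.
            if preopen_temp and child in self.temp:
                continue
            # After the fix, base-table privileges are required even when a
            # temporary table with the same name exists.
            if not NEEDED <= self.grants.get(child, set()):
                raise PermissionError(f"{sorted(NEEDED)} required on base table {child}")
        self.merge[name] = list(children)

    def read_merge(self, name):
        # At use time each child name is resolved again: temporary first, then base.
        return [("temp" if c in self.temp else "base", c) for c in self.merge[name]]

def scenario(preopen_temp):
    """Replay the commit message's sequence for a user with no grants on t1."""
    s = Session(grants={})
    s.create_temp("t1")
    try:
        s.create_temp_merge("m1", ["t1"], preopen_temp)
    except PermissionError:
        return "denied at CREATE"
    s.drop_temp("t1")
    return s.read_merge("m1")
```

With `preopen_temp=True` the merge table ends up resolving `t1` to the base table although no base-table privilege was ever checked; with `preopen_temp=False` the same sequence is refused when the merge table is created.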
=== modified file 'storage/innobase/include/trx0sys.h'
--- a/storage/innobase/include/trx0sys.h revid:alexander.nozdrin@stripped
+++ b/storage/innobase/include/trx0sys.h revid:vasil.dimov@stripped
@@ -618,7 +618,7 @@ this contains the same fields as TRX_SYS
/** If this is not yet set to TRX_SYS_DOUBLEWRITE_SPACE_ID_STORED_N,
we must reset the doublewrite buffer, because starting from 4.1.x the
space id of a data page is stored into
#define TRX_SYS_DOUBLEWRITE_SPACE_ID_STORED (24 + FSEG_HEADER_SIZE)
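Review bot: the comment above the #define names TRX_SYS_DOUBLEWRITE_SPACE_ID_STORED_N while the macro defined directly below it is TRX_SYS_DOUBLEWRITE_SPACE_ID_STORED, and nothing in the visible lines says how the two relate. If the _N name is the value expected in the field at this offset, the comment should say so in as many words, so the suffix is not mistaken for another typo. The commit message "Fix typo in comment" would also be easier to audit if it named the word that was corrected.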
No bundle (reason: useless for push emails).
|• bzr push into mysql-trunk branch (vasil.dimov:3377 to 3378) ||vasil.dimov||22 Aug|