List:Commits« Previous MessageNext Message »
From:Martin Hansson Date:September 21 2009 1:12pm
Subject:bzr commit into mysql-5.1-bugteam branch (mhansson:3116) Bug#35996
View as plain text  
#At file:///data0/martin/bzr/bug35996/5.1bt/ based on revid:mhansson@stripped

 3116 Martin Hansson	2009-09-21
      Bug#35996: Security Breach In Smashed TEMPTABLE Views During SHOW CREATE VIEW there is no reason to 'anonymize' errors that name objects that a user does not have access to. Moreover it was inconsistently implemented. For example base tables being referenced from a view appear to be ok, but not views. The manual on the other hand is clear: If a user has the privileges SELECT and SHOW VIEW, the view definition is available to that user, period. The fix changes the behavior to support the manual. 


Attachment: [text/bzr-bundle] bzr/mhansson@mysql.com-20090921131226-f2vmqhghuakp6b1h.bundle
Thread
bzr commit into mysql-5.1-bugteam branch (mhansson:3116) Bug#35996Martin Hansson21 Sep