
Backporting patches for Bug#38347 (ALTER ROUTINE privilege

allows SHOW CREATE TABLE) from 6.0. Original revisions:
------------------------------------------------------------
revno: 2617.31.8
committer: Alexander Nozdrin <alik@sun.com>
branch nick: 6.0-rt-bug38347
timestamp: Thu 2009-03-26 09:08:24 +0300
message:
  Patch for Bug#38347: ALTER ROUTINE privilege allows SHOW CREATE TABLE.
  
  If a user has any of the following privileges for a table (or for the database
  the table belongs to), he should be able to issue SHOW CREATE TABLE for the table:
    - CREATE
    - DROP
    - ALTER
    - DELETE
    - INDEX
    - INSERT
    - SELECT
    - UPDATE
    - TRIGGER
    - REFERENCES
    - GRANT OPTION
    - CREATE VIEW
    - SHOW VIEW
  
  Any other privilege (even SUPER) should not allow SHOW CREATE TABLE.
------------------------------------------------------------
revno: 2617.31.11
committer: Alexander Nozdrin <alik@sun.com>
branch nick: 6.0-rt
timestamp: Fri 2009-03-27 21:36:34 +0300
message:
  Additional patch for Bug#38347 (ALTER ROUTINE privilege
  allows SHOW CREATE TABLE).
  
  The problem was that information_schema.test,
  information_schema_parameters.test and information_schema_routines.test
  failed with the first patch. That happened due to limitation in check_access():
  it allows only SELECT_ACL privilege for INFORMATION_SCHEMA tables.
  
  The patch is to request only SELECT_ACL privilege for INFORMATION_SCHEMA tables.
------------------------------------------------------------
This commit is contained in:
Alexander Nozdrin
2009-10-22 16:51:51 +04:00
parent d18a9e5f54
commit 09195da31e
5 changed files with 1067 additions and 10 deletions


@@ -2990,18 +2990,41 @@ end_with_restore_list:
else
{
ulong save_priv;
if (check_access(thd, SELECT_ACL, first_table->db,
/*
If it is an INFORMATION_SCHEMA table, SELECT_ACL privilege is the
only privilege allowed. For any other privilege check_access()
reports an error. That's how internal implementation protects
INFORMATION_SCHEMA from updates.
For ordinary tables any privilege from the SHOW_CREATE_TABLE_ACLS
set is sufficient.
*/
ulong check_privs= test(first_table->schema_table) ?
SELECT_ACL : SHOW_CREATE_TABLE_ACLS;
if (check_access(thd, check_privs, first_table->db,
&save_priv, FALSE, FALSE,
test(first_table->schema_table)))
goto error;
/*
save_priv contains any privileges actually granted by check_access.
If there are no global privileges (save_priv == 0) and no table level
privileges, access is denied.
save_priv contains any privileges actually granted by check_access
(i.e. save_priv contains global (user- and database-level)
privileges).
The fact that check_access() returned FALSE does not mean that
access is granted. We need to check if save_priv contains any
table-specific privilege. If not, we need to check table-level
privileges.
If there are no global privileges and no table-level privileges,
access is denied.
*/
if (!save_priv &&
!has_any_table_level_privileges(thd, TABLE_ACLS,
first_table))
if (!(save_priv & (SHOW_CREATE_TABLE_ACLS)) &&
!has_any_table_level_privileges(thd, SHOW_CREATE_TABLE_ACLS, first_table))
{
my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0),
"SHOW", thd->security_ctx->priv_user,
@@ -3010,9 +3033,7 @@ end_with_restore_list:
}
}
/*
Access is granted. Execute command.
*/
/* Access is granted. Execute the command. */
res= mysqld_show_create(thd, first_table);
break;
}