mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00

now GRANT db.* ... compares patterns correctly to prevent privilege escalation

unknown
2003-07-22 22:21:23 +02:00
parent b413e5c420
commit 1cf4eea19d
12 changed files with 85 additions and 70 deletions


@ -5,20 +5,19 @@ grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
select current_user();
current_user()
mysqltest_1@localhost
grant all privileges on `my\_1`.* to mysqltest_9@localhost with grant option;
ERROR 42000: Access denied for user: 'mysqltest_1@localhost' to database 'my\_1'
grant all privileges on `my_%`.* to mysqltest_2@localhost with grant option;
select current_user();
current_user()
mysqltest_2@localhost
grant all privileges on `mysql`.* to mysqltest_3@localhost with grant option;
select current_user();
current_user()
mysqltest_3@localhost
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
ERROR 42000: Access denied for user: 'mysqltest_1@localhost' to database 'my_%'
show grants for mysqltest_1@localhost;
Grants for mysqltest_1@localhost
GRANT USAGE ON *.* TO 'mysqltest_1'@'localhost'
GRANT ALL PRIVILEGES ON `my\_%`.* TO 'mysqltest_1'@'localhost' WITH GRANT OPTION
show grants for mysqltest_2@localhost;
Grants for mysqltest_2@localhost
GRANT USAGE ON *.* TO 'mysqltest_2'@'localhost'
GRANT ALL PRIVILEGES ON `my\_1`.* TO 'mysqltest_2'@'localhost' WITH GRANT OPTION
show grants for mysqltest_3@localhost;
Grants for mysqltest_3@localhost
GRANT USAGE ON *.* TO 'mysqltest_3'@'localhost'
GRANT ALL PRIVILEGES ON `mysql`.* TO 'mysqltest_3'@'localhost' WITH GRANT OPTION
ERROR 42000: There is no such grant defined for user 'mysqltest_3' on host 'localhost'
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;


@ -15,22 +15,16 @@ grant all privileges on `my\_%`.* to mysqltest_1@localhost with grant option;
connect (user1,localhost,mysqltest_1,,);
connection user1;
select current_user();
grant all privileges on `my\_1`.* to mysqltest_2@localhost with grant option;
--error 1044
grant all privileges on `my\_1`.* to mysqltest_9@localhost with grant option;
grant all privileges on `my_%`.* to mysqltest_2@localhost with grant option;
grant all privileges on `my_%`.* to mysqltest_3@localhost with grant option;
disconnect user1;
connect (user2,localhost,mysqltest_2,,);
connection user2;
select current_user();
grant all privileges on `mysql`.* to mysqltest_3@localhost with grant option;
disconnect user2;
connect (user3,localhost,mysqltest_3,,);
connection user3;
select current_user();
show grants for mysqltest_3@localhost;
disconnect user3;
connect (root,localhost,root,,);
connection root;
show grants for mysqltest_1@localhost;
show grants for mysqltest_2@localhost;
--error 1141
show grants for mysqltest_3@localhost;
delete from mysql.user where user like 'mysqltest\_%';
delete from mysql.db where user like 'mysqltest\_%';
flush privileges;
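Review bot: Only one over-broad pattern is checked for denial, the grant on `my_%` under `--error 1044` issued as mysqltest_1, so a comparison that handles an unescaped `_` correctly but mishandles `%` would still pass this test. I would add one more denied case where the requested pattern drops the escaped underscore entirely (for example a database pattern of `my%`) and one allowed case with a narrower wildcard pattern (for example `my\_a%`), each confirmed by the same `show grants` check from root. The expected outcomes for those two patterns are inferred from the commit title rather than from code visible here, so confirm them against the comparison routine. A short comment above `--error 1044` stating that `my_%` matches more databases than the grantor's `my\_%` would also tell the next reader why this grant must fail. The test's setup lines before line 15 are outside the hunk.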