database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

now GRANT db.* ... compares patterns correctly to prevent privilege escalation

Browse Source
This commit is contained in:
unknown
2003-07-22 22:21:23 +02:00
parent b413e5c420
commit 1cf4eea19d
12 changed files with 85 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sql/sql_parse.cc
View File

@ -3254,7 +3254,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
if (!(thd->master_access & SELECT_ACL) &&
(db && (!thd->db || strcmp(db,thd->db))))
db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
thd->priv_user, db); /* purecov: inspected */
thd->priv_user, db, test(want_access & GRANT_ACL));
*save_priv=thd->master_access | db_access;
DBUG_RETURN(FALSE);
}
@ -3274,7 +3274,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv,
if (db && (!thd->db || strcmp(db,thd->db)))
db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
thd->priv_user, db); /* purecov: inspected */
thd->priv_user, db, test(want_access & GRANT_ACL));
else
db_access=thd->db_access;
// Remove SHOW attribute and access rights we already have