mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00

Bug#51770: UNINSTALL PLUGIN requires no privileges

The problem was that UNINSTALL PLUGIN wasn't performing privilege
checks before removing a plugin. Any user (including users without 
any kind of privileges) could uninstall any plugin.

The solution is to verify that the user has the DELETE privilege on
the mysql.plugin table before uninstalling a plugin.

mysql-test/r/plugin_not_embedded.result:
  Add test case result for Bug#51770.
mysql-test/t/plugin_not_embedded-master.opt:
  Add example plugin path.
mysql-test/t/plugin_not_embedded.test:
  Add test case for Bug#51770.
  Skip embedded as test relies on privileges checks.
Davi Arnaut
2010-03-09 09:16:17 -03:00
parent b8132a8d94
commit 81ffd72a58
4 changed files with 34 additions and 0 deletions


@ -0,0 +1,11 @@
#
# Bug#51770: UNINSTALL PLUGIN requires no privileges
#
GRANT INSERT ON mysql.plugin TO bug51770@localhost;
INSTALL PLUGIN example SONAME 'ha_example.so';
UNINSTALL PLUGIN example;
ERROR 42000: DELETE command denied to user 'bug51770'@'localhost' for table 'plugin'
GRANT DELETE ON mysql.plugin TO bug51770@localhost;
FLUSH PRIVILEGES;
UNINSTALL PLUGIN example;
DROP USER bug51770@localhost;


@ -0,0 +1 @@
$EXAMPLE_PLUGIN_OPT


@ -0,0 +1,20 @@
--source include/not_embedded.inc
--source include/have_example_plugin.inc
--echo #
--echo # Bug#51770: UNINSTALL PLUGIN requires no privileges
--echo #
GRANT INSERT ON mysql.plugin TO bug51770@localhost;
connect(con1,localhost,bug51770,,);
eval INSTALL PLUGIN example SONAME $HA_EXAMPLE_SO;
--error ER_TABLEACCESS_DENIED_ERROR
UNINSTALL PLUGIN example;
connection default;
GRANT DELETE ON mysql.plugin TO bug51770@localhost;
FLUSH PRIVILEGES;
connection con1;
UNINSTALL PLUGIN example;
disconnect con1;
connection default;
DROP USER bug51770@localhost;
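Review bot: The denial under `--error ER_TABLEACCESS_DENIED_ERROR` is exercised only for an account that holds INSERT on mysql.plugin, while the commit description names users without any privileges as the exposed case. A second account with no grants, attempting `UNINSTALL PLUGIN example;` while the plugin is installed and expecting the same error, would pin that case directly. The test also relies on the later successful UNINSTALL as its only evidence that the denied statement left the plugin installed; a short `--echo` line saying so would make that intent explicit.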


@ -1736,6 +1736,8 @@ bool mysql_uninstall_plugin(THD *thd, const LEX_STRING *name)
bzero(&tables, sizeof(tables));
tables.db= (char *)"mysql";
tables.table_name= tables.alias= (char *)"plugin";
if (check_table_access(thd, DELETE_ACL, &tables, 1, FALSE))
DBUG_RETURN(TRUE);
/* need to open before acquiring LOCK_plugin or it will deadlock */
if (! (table= open_ltable(thd, &tables, TL_WRITE, 0)))
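Review bot: The new `check_table_access(thd, DELETE_ACL, &tables, 1, FALSE)` call has no comment saying why DELETE on mysql.plugin is the privilege that gates UNINSTALL PLUGIN, and that choice is the whole security decision of this fix. I would add above it `/* Bug#51770: UNINSTALL PLUGIN requires DELETE on mysql.plugin; checked before open_ltable() so a denied caller never requests the TL_WRITE lock. */`. Because this is an ordinary table ACL, any account that already holds DELETE on mysql.plugin through a broader grant (presumably schema-level or global) can unload plugins as well, which is worth stating in the user documentation. mysql_uninstall_plugin starts and ends outside the hunk, so it cannot be confirmed from here that no other path reaches the unload without passing this check.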