database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

Bug#17254: Error for DEFINER security on VIEW provides too much info

Browse Source 
If a view was created with the DEFINER security and later the definer user
was dropped then a SELECT from the view throws the error message saying that
there is no definer user is registered. This is ok for a root but too much
for a mere user.

Now the st_table_list::prepare_view_securety_context() function reveals
the absence of the definer only to a superuser and throws the 'access denied'
error to others.


mysql-test/t/view_grant.test:
  Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info
mysql-test/r/view_grant.result:
  Added a test case for bug#17254: Error for DEFINER security on VIEW provides too much info
sql/table.cc:
  Bug#17254: Error for DEFINER security on VIEW provides too much info
  Now the st_table_list::prepare_view_securety_context() function reveals
  the absence of the definer only to a superuser and throws the 'access denied'
  error to others.
This commit is contained in:
unknown
2006-11-27 16:15:32 +03:00
parent c0f63d8564
commit af1b3da56f
3 changed files with 69 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
mysql-test/r/view_grant.result
View File

@ -712,3 +712,23 @@ DROP FUNCTION f1;
DROP VIEW v2;
DROP VIEW v1;
DROP USER mysqltest_u1@localhost;
CREATE DATABASE db17254;
USE db17254;
CREATE TABLE t1 (f1 INT);
INSERT INTO t1 VALUES (10),(20);
CREATE USER def_17254@localhost;
GRANT SELECT ON db17254.* TO def_17254@localhost;
CREATE USER inv_17254@localhost;
GRANT SELECT ON db17254.t1 TO inv_17254@localhost;
GRANT CREATE VIEW ON db17254.* TO def_17254@localhost;
CREATE VIEW v1 AS SELECT * FROM t1;
DROP USER def_17254@localhost;
for a user
SELECT * FROM v1;
ERROR 42000: SELECT command denied to user 'inv_17254'@'localhost' for table 'v1
'
for a superuser
SELECT * FROM v1;
ERROR HY000: There is no 'def_17254'@'localhost' registered
DROP USER inv_17254@localhost;
DROP DATABASE db17254;

37
mysql-test/t/view_grant.test
View File

@ -927,4 +927,41 @@ DROP VIEW v2;
DROP VIEW v1;
DROP USER mysqltest_u1@localhost;
#
# Bug#17254: Error for DEFINER security on VIEW provides too much info
#
connect (root,localhost,root,,);
connection root;
CREATE DATABASE db17254;
USE db17254;
CREATE TABLE t1 (f1 INT);
INSERT INTO t1 VALUES (10),(20);
CREATE USER def_17254@localhost;
GRANT SELECT ON db17254.* TO def_17254@localhost;
CREATE USER inv_17254@localhost;
GRANT SELECT ON db17254.t1 TO inv_17254@localhost;
GRANT CREATE VIEW ON db17254.* TO def_17254@localhost;
connect (def,localhost,def_17254,,db17254);
connection def;
CREATE VIEW v1 AS SELECT * FROM t1;
connection root;
DROP USER def_17254@localhost;
connect (inv,localhost,inv_17254,,db17254);
connection inv;
--echo for a user
--error 1142
SELECT * FROM v1;
connection root;
--echo for a superuser
--error 1449
SELECT * FROM v1;
DROP USER inv_17254@localhost;
DROP DATABASE db17254;
disconnect def;
disconnect inv;
# End of 5.0 tests.