database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-36380 User has unauthorized access to a sequence through a view with security invoker

Browse Source 
check sequence privileges in Item_func_nextval::fix_fields(),
just like column privileges are checked in Item_field::fix_fields()

remove sequence specific hacks that kinda made sequence privilege
checks works, but not in all cases. And they were too lax,
didn't requre SELECT privilege for NEXTVAL. Also INSERT privilege looks
wrong here, UPDATE would've been more appropriate, but won't
change that for compatibility reasons.

also fixes

MDEV-36413 User without any privileges to a sequence can read from it and modify it via column default
This commit is contained in:
Sergei Golubchik
2025-04-11 08:28:42 +02:00
parent f89f8aa313
commit f99586668a
11 changed files with 211 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
sql/sql_parse.cc
View File

@@ -7332,18 +7332,9 @@ check_table_access(THD *thd, privilege_t requirements, TABLE_LIST *tables,
DBUG_PRINT("info", ("derived: %d view: %d", table_ref->derived != 0,
table_ref->view != 0));
if (table_ref->is_anonymous_derived_table())
if (table_ref->is_anonymous_derived_table() || table_ref->sequence)
continue;
if (table_ref->sequence)
{
/* We want to have either SELECT or INSERT rights to sequences depending
on how they are accessed
*/
want_access= ((table_ref->lock_type == TL_WRITE_ALLOW_WRITE) ?
INSERT_ACL : SELECT_ACL);
}
if (check_access(thd, want_access, table_ref->get_db_name().str,
&table_ref->grant.privilege,
&table_ref->grant.m_internal,