authorSergei Golubchik <sergii@pisem.net>2014-06-05 15:59:35 +0200
committerSergei Golubchik <sergii@pisem.net>2014-06-05 15:59:35 +0200
commit37d353770f4c8837a7dd8c674ab6022ec4582405 (patch)
tree2c875b194cbd854abd78dac9abc1760ce801688d /mysql-test/t/grant.test
parent29065d502a416b0bef54da1784e7bb7bc2ab3504 (diff)
downloadmariadb-git-37d353770f4c8837a7dd8c674ab6022ec4582405.tar.gz
MDEV-5998 MySQL Bug#11756966 - 48958: STORED PROCEDURES CAN BE LEVERAGED TO BYPASS DATABASE SECURITY
Merge from mysql-5.6: revno: 3257 committer: Jon Olav Hauglid <jon.hauglid@oracle.com> branch nick: mysql-trunk-bug11756966 timestamp: Thu 2011-07-14 09:32:01 +0200 message: Bug#11756966 - 48958: STORED PROCEDURES CAN BE LEVERAGED TO BYPASS DATABASE SECURITY The problem was that CREATE PROCEDURE/FUNCTION could be used to check the existence of databases for which the user had no privileges and therefore should not be allowed to see. The reason was that the existence of a given database was checked before privileges. So trying to create a stored routine in a non-existent database would give a different error than trying to create a stored routine in a restricted database. This patch fixes the problem by changing the order of the checks for CREATE PROCEDURE/FUNCTION so that privileges are checked first. This means that trying to create a stored routine in a non-existent database and in a restricted database will both give ER_DBACCESS_DENIED_ERROR. Test case added to grant.test.
Diffstat (limited to 'mysql-test/t/grant.test')
-rw-r--r--mysql-test/t/grant.test39
1 files changed, 36 insertions, 3 deletions
diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test
index cb2b1ab5f3d..ed7271521c8 100644
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -1852,9 +1852,6 @@ revoke select on Foo.* from myuser@localhost;
delete from mysql.user where User='myuser';
flush privileges;
-# Wait till we reached the initial number of concurrent sessions
---source include/wait_until_count_sessions.inc
-
--echo #########################################################################
--echo #
--echo # Bug#38347: ALTER ROUTINE privilege allows SHOW CREATE TABLE.
@@ -2177,3 +2174,39 @@ DROP USER mysqltest_u1@localhost;
--echo
--echo # End of Bug#38347.
--echo
+
+--echo #
+--echo # Bug#11756966 - 48958: STORED PROCEDURES CAN BE LEVERAGED TO BYPASS
+--echo # DATABASE SECURITY
+--echo #
+
+--disable_warnings
+DROP DATABASE IF EXISTS secret;
+DROP DATABASE IF EXISTS no_such_db;
+--enable_warnings
+
+CREATE DATABASE secret;
+GRANT USAGE ON *.* TO untrusted@localhost;
+
+--echo # Connection con1
+connect (con1, localhost, untrusted);
+SHOW GRANTS;
+SHOW DATABASES;
+
+--echo # Both statements below should fail with the same error.
+--echo # They used to give different errors, thereby
+--echo # hinting that the secret database exists.
+--error ER_DBACCESS_DENIED_ERROR
+CREATE PROCEDURE no_such_db.foo() BEGIN END;
+--error ER_DBACCESS_DENIED_ERROR
+CREATE PROCEDURE secret.peek_at_secret() BEGIN END;
+
+--echo # Connection default
+--connection default
+disconnect con1;
+DROP USER untrusted@localhost;
+DROP DATABASE secret;
+
+# Wait till we reached the initial number of concurrent sessions
+--source include/wait_until_count_sessions.inc
+
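Review bot: The new test only exercises CREATE PROCEDURE (the two `--error ER_DBACCESS_DENIED_ERROR` statements on the con1 connection), while the commit message states the check-order fix applies to CREATE FUNCTION as well, so a regression in the function path would not be caught. Add the parallel pair under the same connection, before the `--connection default` line: `--error ER_DBACCESS_DENIED_ERROR` / `CREATE FUNCTION no_such_db.f() RETURNS INT RETURN 1;` and `--error ER_DBACCESS_DENIED_ERROR` / `CREATE FUNCTION secret.f() RETURNS INT RETURN 1;`. The test also relies on the recorded `SHOW DATABASES` output to show that `secret` is hidden from untrusted@localhost; a comment such as `--echo # secret must not be listed for an account with only USAGE` above it would make that expectation explicit for whoever next re-records the result file.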