summaryrefslogtreecommitdiff
path: root/sql/sql_show.cc
diff options
context:
space:
mode:
authorgluh@mysql.com/eagle.(none) <>2007-08-20 11:23:08 +0500
committergluh@mysql.com/eagle.(none) <>2007-08-20 11:23:08 +0500
commit7a8fd4107d6b4f41658152319a60b0cd0425ca48 (patch)
tree614bab1c377bccda131759a371d79c6f6e10c576 /sql/sql_show.cc
parent4fdadd620d1f3d64f7864138ccbb49b67f3d9e93 (diff)
downloadmariadb-git-7a8fd4107d6b4f41658152319a60b0cd0425ca48.tar.gz
Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements
added SUPER_ACL check for I_S.TRIGGERS
Diffstat (limited to 'sql/sql_show.cc')
-rw-r--r--sql/sql_show.cc10
1 files changed, 8 insertions, 2 deletions
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 05a847b3830..e21de81fbdb 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -2684,8 +2684,7 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables,
col_access= get_column_grant(thd, &tables->grant,
base_name, file_name,
field->field_name) & COL_ACLS;
- if (lex->orig_sql_command != SQLCOM_SHOW_FIELDS &&
- !tables->schema_table && !col_access)
+ if (!tables->schema_table && !col_access)
continue;
end= tmp;
for (uint bitnr=0; col_access ; col_access>>=1,bitnr++)
@@ -3381,6 +3380,12 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
{
Table_triggers_list *triggers= tables->table->triggers;
int event, timing;
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+ if (!(thd->security_ctx->master_access & SUPER_ACL))
+ goto ret;
+#endif
+
for (event= 0; event < (int)TRG_EVENT_MAX; event++)
{
for (timing= 0; timing < (int)TRG_ACTION_MAX; timing++)
@@ -3407,6 +3412,7 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
}
}
}
+ret:
DBUG_RETURN(0);
}
View Lorry Controller Status