From 29ee5ed0a04a2db4e5e23a359a3acf9b4e474ab0 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 20 Aug 2007 11:23:08 +0500 Subject: Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements added SUPER_ACL check for I_S.TRIGGERS mysql-test/r/information_schema.result: result fix mysql-test/r/information_schema_db.result: result fix mysql-test/t/information_schema.test: test case sql/sql_show.cc: added SUPER_ACL check for I_S.TRIGGERS --- mysql-test/r/information_schema.result | 26 +++++++++++++++++++++++++- mysql-test/r/information_schema_db.result | 2 -- mysql-test/t/information_schema.test | 26 ++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 3 deletions(-) (limited to 'mysql-test') diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index 9d0e41b341a..612e744a0f4 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -180,7 +180,6 @@ t1 a select show columns from mysqltest.t1; Field Type Null Key Default Extra a int(11) YES NULL -b varchar(30) YES MUL NULL select table_name, column_name, privileges from information_schema.columns where table_schema = 'mysqltest' and table_name = 'v1'; table_name column_name privileges @@ -1330,4 +1329,29 @@ alter database; ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 alter database test; ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 +create database mysqltest; +create table mysqltest.t1(a int, b int, c int); +create trigger mysqltest.t1_ai after insert on mysqltest.t1 +for each row set @a = new.a + new.b + new.c; +grant select(b) on mysqltest.t1 to mysqltest_1@localhost; +select trigger_name from information_schema.triggers +where event_object_table='t1'; +trigger_name +t1_ai +show triggers from mysqltest; +Trigger Event Table Statement Timing Created sql_mode Definer +t1_ai INSERT t1 set @a = new.a + new.b + new.c AFTER NULL root@localhost +show columns from t1; +Field Type Null Key Default Extra +b int(11) YES NULL +select column_name from information_schema.columns where table_name='t1'; +column_name +b +show triggers; +Trigger Event Table Statement Timing Created sql_mode Definer +select trigger_name from information_schema.triggers +where event_object_table='t1'; +trigger_name +drop user mysqltest_1@localhost; +drop database mysqltest; End of 5.0 tests. diff --git a/mysql-test/r/information_schema_db.result b/mysql-test/r/information_schema_db.result index 2d330dda333..dd1f0295277 100644 --- a/mysql-test/r/information_schema_db.result +++ b/mysql-test/r/information_schema_db.result @@ -140,13 +140,11 @@ create view v2 as select f1 from testdb_1.v1; create view v4 as select f1,f2 from testdb_1.v3; show fields from testdb_1.v5; Field Type Null Key Default Extra -f1 char(4) YES NULL show create view testdb_1.v5; View Create View v5 CREATE ALGORITHM=UNDEFINED DEFINER=`testdb_1`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v5` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` show fields from testdb_1.v6; Field Type Null Key Default Extra -f1 char(4) YES NULL show create view testdb_1.v6; View Create View v6 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `testdb_1`.`v6` AS select `testdb_1`.`t1`.`f1` AS `f1` from `testdb_1`.`t1` diff --git a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test index 6cf4ad8f576..7637a027e8f 100644 --- a/mysql-test/t/information_schema.test +++ b/mysql-test/t/information_schema.test @@ -1045,4 +1045,30 @@ drop table t1,t2; alter database; --error ER_PARSE_ERROR alter database test; + +# +# Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements +# + +create database mysqltest; +create table mysqltest.t1(a int, b int, c int); +create trigger mysqltest.t1_ai after insert on mysqltest.t1 + for each row set @a = new.a + new.b + new.c; +grant select(b) on mysqltest.t1 to mysqltest_1@localhost; + +select trigger_name from information_schema.triggers +where event_object_table='t1'; +show triggers from mysqltest; + +connect (con27629,localhost,mysqltest_1,,mysqltest); +show columns from t1; +select column_name from information_schema.columns where table_name='t1'; + +show triggers; +select trigger_name from information_schema.triggers +where event_object_table='t1'; +connection default; +drop user mysqltest_1@localhost; +drop database mysqltest; + --echo End of 5.0 tests. -- cgit v1.2.1 From 700c3786188e8e2c112615841d3be77e3d8e0f59 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 21 Aug 2007 17:55:49 +0500 Subject: Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW statements(addon for 5.1) added TRIGGER_ACL check for I_S.TRIGGERS mysql-test/r/information_schema.result: result fix --- mysql-test/r/information_schema.result | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'mysql-test') diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index 1ad30824214..e87b46ac90f 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -1419,8 +1419,8 @@ where event_object_table='t1'; trigger_name t1_ai show triggers from mysqltest; -Trigger Event Table Statement Timing Created sql_mode Definer -t1_ai INSERT t1 set @a = new.a + new.b + new.c AFTER NULL root@localhost +Trigger Event Table Statement Timing Created sql_mode Definer character_set_client collation_connection Database Collation +t1_ai INSERT t1 set @a = new.a + new.b + new.c AFTER NULL root@localhost latin1 latin1_swedish_ci latin1_swedish_ci show columns from t1; Field Type Null Key Default Extra b int(11) YES NULL @@ -1428,7 +1428,7 @@ select column_name from information_schema.columns where table_name='t1'; column_name b show triggers; -Trigger Event Table Statement Timing Created sql_mode Definer +Trigger Event Table Statement Timing Created sql_mode Definer character_set_client collation_connection Database Collation select trigger_name from information_schema.triggers where event_object_table='t1'; trigger_name -- cgit v1.2.1