From 81ffd72a5821f07129dedf4c31c3cbc2abfac372 Mon Sep 17 00:00:00 2001
From: Davi Arnaut <Davi.Arnaut@Sun.COM>
Date: Tue, 9 Mar 2010 09:16:17 -0300
Subject: Bug#51770: UNINSTALL PLUGIN requires no privileges

The problem was that UNINSTALL PLUGIN wasn't performing privilege
checks before removing a plugin. Any user (including users without
any kind of privileges) could uninstall any plugin.

The solution is to verify if the user has the DELETE privilege for
the mysql.plugin table before uninstalling a plugin.

mysql-test/r/plugin_not_embedded.result:
  Add test case result for Bug#51770.
mysql-test/t/plugin_not_embedded-master.opt:
  Add example plugin path.
mysql-test/t/plugin_not_embedded.test:
  Add test case for Bug#51770.
  Skip embedded as test relies on privileges checks.
---
 sql/sql_plugin.cc | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sql/sql_plugin.cc')

diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc
index 9e35e392d2a..0706ef24881 100644
--- a/sql/sql_plugin.cc
+++ b/sql/sql_plugin.cc
@@ -1736,6 +1736,8 @@ bool mysql_uninstall_plugin(THD *thd, const LEX_STRING *name)
   bzero(&tables, sizeof(tables));
   tables.db= (char *)"mysql";
   tables.table_name= tables.alias= (char *)"plugin";
+  if (check_table_access(thd, DELETE_ACL, &tables, 1, FALSE))
+    DBUG_RETURN(TRUE);
 
   /* need to open before acquiring LOCK_plugin or it will deadlock */
   if (! (table= open_ltable(thd, &tables, TL_WRITE, 0)))
-- 
cgit v1.2.1