From 0b28d7e048fa097280be54f9baffd202f7626bdd Mon Sep 17 00:00:00 2001 From: Praveenkumar Hulakund Date: Wed, 10 Sep 2014 10:50:17 +0530 Subject: Bug#18790730 - CROSS-DATABASE FOREIGN KEY WITHOUT PERMISSIONS CHECK. Analysis: ---------- Issue here is, while creating or altering the InnoDB table, if the foreign key defined on the table references a parent table on which the user has no access privileges then the table is created without reporting any error. Currently the privilege level REFERENCES_ACL is unused and is not used for access evaluation while creating the table with a foreign key constraint or adding the foreign key constraint to a table. But when no privileges are granted to user then also access evaluation on parent table is ignored. Fix: --------- For DMLs, irrelevant of the fact, support does not want any changes to avoid permission checks on every operation. So, as a fix, added a function "check_fk_parent_table_access" to check whether any of the SELECT_ACL, INSERT_ACL, UDPATE_ACL, DELETE_ACL or REFERENCE_ACL privileges are granted for user at table level. If none of them is granted then error is reported. This function is called during the table creation and alter operation. --- sql/sql_table.cc | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'sql/sql_table.cc') diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 8b4873cb834..e8de6a6928a 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -6004,6 +6004,18 @@ bool mysql_alter_table(THD *thd,char *new_db, char *new_name, goto err; } + /* + If foreign key is added then check permission to access parent table. + + In function "check_fk_parent_table_access", create_info->db_type is used + to identify whether engine supports FK constraint or not. Since + create_info->db_type is set here, check to parent table access is delayed + till this point for the alter operation. + */ + if ((alter_info->flags & ALTER_FOREIGN_KEY) && + check_fk_parent_table_access(thd, create_info, alter_info)) + goto err; + /* If this is an ALTER TABLE and no explicit row type specified reuse the table's row type. -- cgit v1.2.1