From 29ee5ed0a04a2db4e5e23a359a3acf9b4e474ab0 Mon Sep 17 00:00:00 2001
From: unknown <gluh@mysql.com/eagle.(none)>
Date: Mon, 20 Aug 2007 11:23:08 +0500
Subject: Bug#27629 Possible security flaw in INFORMATION_SCHEMA and SHOW
 statements added SUPER_ACL check for I_S.TRIGGERS

mysql-test/r/information_schema.result:
  result fix
mysql-test/r/information_schema_db.result:
  result fix
mysql-test/t/information_schema.test:
  test case
sql/sql_show.cc:
  added SUPER_ACL check for I_S.TRIGGERS
---
 sql/sql_show.cc | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'sql')

diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 05a847b3830..e21de81fbdb 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -2684,8 +2684,7 @@ static int get_schema_column_record(THD *thd, TABLE_LIST *tables,
     col_access= get_column_grant(thd, &tables->grant, 
                                  base_name, file_name,
                                  field->field_name) & COL_ACLS;
-    if (lex->orig_sql_command != SQLCOM_SHOW_FIELDS  && 
-        !tables->schema_table && !col_access)
+    if (!tables->schema_table && !col_access)
       continue;
     end= tmp;
     for (uint bitnr=0; col_access ; col_access>>=1,bitnr++)
@@ -3381,6 +3380,12 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
   {
     Table_triggers_list *triggers= tables->table->triggers;
     int event, timing;
+
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+    if (!(thd->security_ctx->master_access & SUPER_ACL))
+      goto ret;
+#endif
+
     for (event= 0; event < (int)TRG_EVENT_MAX; event++)
     {
       for (timing= 0; timing < (int)TRG_ACTION_MAX; timing++)
@@ -3407,6 +3412,7 @@ static int get_schema_triggers_record(THD *thd, TABLE_LIST *tables,
       }
     }
   }
+ret:
   DBUG_RETURN(0);
 }
 
-- 
cgit v1.2.1