1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug#45412 SHOW CREATE TRIGGER does not require privileges to disclose trigger data

Browse Source 
Added privilege checking to SHOW CREATE TRIGGER code.
This commit is contained in:
Sergey Glukhov 2009-06-25 15:52:50 +05:00
parent f3f137d82c
commit 3393fdf80a
3 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
mysql-test/r/trigger_notembedded.result
View File

@ -462,4 +462,18 @@ unlock tables;
select * from t1;
i
drop table t1;
CREATE DATABASE db1;
CREATE TABLE db1.t1 (a char(30)) ENGINE=MEMORY;
CREATE TRIGGER db1.trg AFTER INSERT ON db1.t1 FOR EACH ROW
INSERT INTO db1.t1 VALUES('Some very sensitive data goes here');
CREATE USER 'no_rights'@'localhost';
REVOKE ALL ON *.* FROM 'no_rights'@'localhost';
FLUSH PRIVILEGES;
SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS
WHERE trigger_schema = 'db1';
trigger_name
SHOW CREATE TRIGGER db1.trg;
ERROR 42000: Access denied; you need the TRIGGER privilege for this operation
DROP USER 'no_rights'@'localhost';
DROP DATABASE db1;
End of 5.1 tests.

23
mysql-test/t/trigger_notembedded.test
View File

@ -909,4 +909,27 @@ select * from t1;
drop table t1;
disconnect flush;
#
# Bug#45412 SHOW CREATE TRIGGER does not require privileges to disclose trigger data
#
CREATE DATABASE db1;
CREATE TABLE db1.t1 (a char(30)) ENGINE=MEMORY;
CREATE TRIGGER db1.trg AFTER INSERT ON db1.t1 FOR EACH ROW
INSERT INTO db1.t1 VALUES('Some very sensitive data goes here');
CREATE USER 'no_rights'@'localhost';
REVOKE ALL ON *.* FROM 'no_rights'@'localhost';
FLUSH PRIVILEGES;
connect (con1,localhost,no_rights,,);
SELECT trigger_name FROM INFORMATION_SCHEMA.TRIGGERS
WHERE trigger_schema = 'db1';
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
SHOW CREATE TRIGGER db1.trg;
connection default;
disconnect con1;
DROP USER 'no_rights'@'localhost';
DROP DATABASE db1;
--echo End of 5.1 tests.

6
sql/sql_show.cc
View File

@ -7071,6 +7071,12 @@ bool show_create_trigger(THD *thd, const sp_name *trg_name)
if (!lst)
return TRUE;
if (check_table_access(thd, TRIGGER_ACL, lst, 1, TRUE))
{
my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "TRIGGER");
return TRUE;
}
/*
Open the table by name in order to load Table_triggers_list object.