[Pkg-mysql-commits] r1070 - branches/sid-5.0/debian/patches

Norbert Tretkowski nobse at alioth.debian.org
Wed Dec 12 19:28:41 UTC 2007 

Author: nobse
Date: 2007-12-12 19:28:41 +0000 (Wed, 12 Dec 2007)
New Revision: 1070

Removed:
   branches/sid-5.0/debian/patches/34444?f=plain
Log:
Oops...

Deleted: branches/sid-5.0/debian/patches/34444?f=plain
===================================================================
--- branches/sid-5.0/debian/patches/34444?f=plain	2007-12-12 19:24:18 UTC (rev 1069)
+++ branches/sid-5.0/debian/patches/34444?f=plain	2007-12-12 19:28:41 UTC (rev 1070)
@@ -1,194 +0,0 @@
-From: eugeneDate: September 20 2007 4:05pm
-Subject: bk commit into 5.0 tree (evgen:1.2526) BUG#29908
-
-Below is the list of changes that have just been committed into a local
-5.0 repository of evgen. When evgen does a push these changes will
-be propagated to the main repository and, within 24 hours after the
-push, to the public repository.
-For information on how to access the public repository
-see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
-
-ChangeSet at stripped, 2007-09-20 18:05:09+04:00, evgen at stripped +3 -0
-  Bug#29908: A user can gain additional access through the ALTER VIEW.
-  
-  Non-definer of a view was allowed to alter that view. Due to this the alterer
-  can elevate his access rights to access rights of the view definer and thus
-  modify data which he wasn't allowed to modify. A view defined with
-  SQL SECURITY INVOKER can't be used directly for access rights elevation.
-  But a user can first alter the view SQL code and then alter the view to 
-  SQL SECURITY DEFINER and thus elevate his access rights. Due to this
-  altering a view with SQL SECURITY INVOKER is also prohibited.
-  
-  Now the mysql_create_view function allows ALTER VIEW only to the view
-  definer or a super user. 
-
-  mysql-test/r/view_grant.result at stripped, 2007-09-20 17:48:10+04:00, evgen at stripped +47 -3
-    Added a test case for the bug#29908: A user can gain additional access through the
-    ALTER VIEW.
-
-  mysql-test/t/view_grant.test at stripped, 2007-09-20 17:46:26+04:00, evgen at stripped +47 -2
-    Added a test case for the bug#29908: A user can gain additional access through the
-    ALTER VIEW.
-    A test case was adjusted after fixfing bug#29908.
-
-  sql/sql_view.cc at stripped, 2007-09-20 18:03:16+04:00, evgen at stripped +1 -4
-    Bug#29908: A user can gain additional access through the ALTER VIEW.
-    Now the mysql_create_view function allows ALTER VIEW only to the view
-    definer or a super user. 
-
-diff -Nrup a/mysql-test/r/view_grant.result b/mysql-test/r/view_grant.result
---- a/mysql-test/r/view_grant.result	2007-06-05 22:17:58 +04:00
-+++ b/mysql-test/r/view_grant.result	2007-09-20 17:48:10 +04:00
-@@ -776,15 +776,59 @@ GRANT CREATE VIEW ON db26813.v2 TO u2681
- GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813 at localhost;
- GRANT SELECT ON db26813.t1 TO u26813 at localhost;
- ALTER VIEW v1 AS SELECT f2 FROM t1;
--ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1'
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- ALTER VIEW v2 AS SELECT f2 FROM t1;
--ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2'
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- ALTER VIEW v3 AS SELECT f2 FROM t1;
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
- SHOW CREATE VIEW v3;
- View	Create View
--v3	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1`
-+v3	CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f1` AS `f1` from `t1`
- DROP USER u26813 at localhost;
- DROP DATABASE db26813;
-+#
-+# Bug#29908: A user can gain additional access through the ALTER VIEW.
-+#
-+CREATE DATABASE mysqltest_29908;
-+USE mysqltest_29908;
-+CREATE TABLE t1(f1 INT, f2 INT);
-+CREATE USER u29908_1 at localhost;
-+CREATE DEFINER = u29908_1 at localhost VIEW v1 AS SELECT f1 FROM t1;
-+CREATE DEFINER = u29908_1 at localhost SQL SECURITY INVOKER VIEW v2 AS
-+SELECT f1 FROM t1;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1 at localhost;
-+CREATE USER u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2 at localhost;
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+ERROR 42000: Access denied; you need the SUPER privilege for this operation
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+View	Create View
-+v2	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v1;
-+View	Create View
-+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1`
-+ALTER VIEW v2 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v2;
-+View	Create View
-+v2	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
-+ALTER VIEW v1 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v1;
-+View	Create View
-+v1	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1`
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+View	Create View
-+v2	CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
-+DROP USER u29908_1 at localhost;
-+DROP USER u29908_2 at localhost;
-+DROP DATABASE mysqltest_29908;
-+#######################################################################
- DROP DATABASE IF EXISTS mysqltest1;
- DROP DATABASE IF EXISTS mysqltest2;
- CREATE DATABASE mysqltest1;
-diff -Nrup a/mysql-test/t/view_grant.test b/mysql-test/t/view_grant.test
---- a/mysql-test/t/view_grant.test	2007-03-23 18:56:41 +03:00
-+++ b/mysql-test/t/view_grant.test	2007-09-20 17:46:26 +04:00
-@@ -1034,10 +1034,11 @@ GRANT SELECT ON db26813.t1 TO u26813 at loc
- 
- connect (u1,localhost,u26813,,db26813);
- connection u1;
----error 1142
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v1 AS SELECT f2 FROM t1;
----error 1142
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v2 AS SELECT f2 FROM t1;
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
- ALTER VIEW v3 AS SELECT f2 FROM t1;
- 
- connection root;
-@@ -1046,6 +1047,50 @@ SHOW CREATE VIEW v3;
- DROP USER u26813 at localhost;
- DROP DATABASE db26813;
- disconnect u1;
-+
-+--echo #
-+--echo # Bug#29908: A user can gain additional access through the ALTER VIEW.
-+--echo #
-+connection root;
-+CREATE DATABASE mysqltest_29908;
-+USE mysqltest_29908;
-+CREATE TABLE t1(f1 INT, f2 INT);
-+CREATE USER u29908_1 at localhost;
-+CREATE DEFINER = u29908_1 at localhost VIEW v1 AS SELECT f1 FROM t1;
-+CREATE DEFINER = u29908_1 at localhost SQL SECURITY INVOKER VIEW v2 AS
-+  SELECT f1 FROM t1;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1 at localhost;
-+CREATE USER u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2 at localhost;
-+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2 at localhost;
-+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2 at localhost;
-+
-+connect (u2,localhost,u29908_2,,mysqltest_29908);
-+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+connect (u1,localhost,u29908_1,,mysqltest_29908);
-+ALTER VIEW v1 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v1;
-+ALTER VIEW v2 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+connection root;
-+ALTER VIEW v1 AS SELECT f1 FROM t1;
-+SHOW CREATE VIEW v1;
-+ALTER VIEW v2 AS SELECT f2 FROM t1;
-+SHOW CREATE VIEW v2;
-+
-+DROP USER u29908_1 at localhost;
-+DROP USER u29908_2 at localhost;
-+DROP DATABASE mysqltest_29908;
-+disconnect u1;
-+disconnect u2;
-+--echo #######################################################################
- 
- #
- # BUG#24040: Create View don't succed with "all privileges" on a database.
-diff -Nrup a/sql/sql_view.cc b/sql/sql_view.cc
---- a/sql/sql_view.cc	2007-09-03 11:22:54 +04:00
-+++ b/sql/sql_view.cc	2007-09-20 18:03:16 +04:00
-@@ -223,9 +223,6 @@ bool mysql_create_view(THD *thd, TABLE_L
- {
-   LEX *lex= thd->lex;
-   bool link_to_local;
--#ifndef NO_EMBEDDED_ACCESS_CHECKS
--  bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer;
--#endif
-   /* first table in list is target VIEW name => cut off it */
-   TABLE_LIST *view= lex->unlink_first_table(&link_to_local);
-   TABLE_LIST *tables= lex->query_tables;
-@@ -280,7 +277,7 @@ bool mysql_create_view(THD *thd, TABLE_L
-       - same as current user
-       - current user has SUPER_ACL
-   */
--  if (definer_check_is_needed &&
-+  if (lex->definer &&
-       (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
-        my_strcasecmp(system_charset_info,
-                      lex->definer->host.str,

More information about the Pkg-mysql-commits mailing list