mirror of
https://github.com/MariaDB/server.git
synced 2025-01-23 15:24:16 +01:00
1588c116ba
The check_table_access function initializes per-table grant info and performs
access rights check. It wasn't called for SHOW STATUS statement thus left
grants info uninitialized. In some cases this led to server crash. In other
cases it allowed a user to check for presence/absence of arbitrary values in
any tables.
Now the check_table_access function is called prior to the statement
processing.
mysql-test/r/status.result:
Added a test case for the bug#37908.
mysql-test/t/status.test:
Added a test case for the bug#37908.
sql/sql_parse.cc:
Bug#37908: Skipped access right check caused server crash.
Now the check_table_access function is called when the SHOW STATUS statement
uses any table except information.STATUS.
sql/sql_yacc.yy:
Bug#37908: Skipped access right check caused server crash.
For the SHOW PROCEDURE/FUNCTION STATUS the 'mysql.proc' table isn't added
to the table list anymore as there is no need.
200 lines
5.9 KiB
Text
200 lines
5.9 KiB
Text
flush status;
|
|
show status like 'Table_lock%';
|
|
Variable_name Value
|
|
Table_locks_immediate 1
|
|
Table_locks_waited 0
|
|
select * from information_schema.session_status where variable_name like 'Table_lock%';
|
|
VARIABLE_NAME VARIABLE_VALUE
|
|
TABLE_LOCKS_IMMEDIATE 2
|
|
TABLE_LOCKS_WAITED 0
|
|
SET SQL_LOG_BIN=0;
|
|
set @old_general_log = @@global.general_log;
|
|
set global general_log = 'OFF';
|
|
drop table if exists t1;
|
|
create table t1(n int) engine=myisam;
|
|
insert into t1 values(1);
|
|
lock tables t1 read;
|
|
unlock tables;
|
|
lock tables t1 read;
|
|
update t1 set n = 3;
|
|
unlock tables;
|
|
show status like 'Table_locks_waited';
|
|
Variable_name Value
|
|
Table_locks_waited 1
|
|
drop table t1;
|
|
set global general_log = @old_general_log;
|
|
select 1;
|
|
1
|
|
1
|
|
show status like 'last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 0.000000
|
|
create table t1 (a int);
|
|
insert into t1 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
|
insert into t1 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
|
insert into t1 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
|
insert into t1 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
|
insert into t1 values (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
|
select * from t1 where a=6;
|
|
a
|
|
6
|
|
6
|
|
6
|
|
6
|
|
6
|
|
show status like 'last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 12.084449
|
|
show status like 'last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 12.084449
|
|
select 1;
|
|
1
|
|
1
|
|
show status like 'last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 0.000000
|
|
drop table t1;
|
|
FLUSH STATUS;
|
|
SHOW STATUS LIKE 'max_used_connections';
|
|
Variable_name Value
|
|
Max_used_connections 1
|
|
SELECT * FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME LIKE 'max_used_connections';
|
|
VARIABLE_NAME VARIABLE_VALUE
|
|
MAX_USED_CONNECTIONS 1
|
|
SET @save_thread_cache_size=@@thread_cache_size;
|
|
SET GLOBAL thread_cache_size=3;
|
|
SHOW STATUS LIKE 'max_used_connections';
|
|
Variable_name Value
|
|
Max_used_connections 3
|
|
SELECT * FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME LIKE 'max_used_connections';
|
|
VARIABLE_NAME VARIABLE_VALUE
|
|
MAX_USED_CONNECTIONS 3
|
|
FLUSH STATUS;
|
|
SHOW STATUS LIKE 'max_used_connections';
|
|
Variable_name Value
|
|
Max_used_connections 2
|
|
SELECT * FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME LIKE 'max_used_connections';
|
|
VARIABLE_NAME VARIABLE_VALUE
|
|
MAX_USED_CONNECTIONS 2
|
|
SHOW STATUS LIKE 'max_used_connections';
|
|
Variable_name Value
|
|
Max_used_connections 3
|
|
SELECT * FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME LIKE 'max_used_connections';
|
|
VARIABLE_NAME VARIABLE_VALUE
|
|
MAX_USED_CONNECTIONS 3
|
|
SHOW STATUS LIKE 'max_used_connections';
|
|
Variable_name Value
|
|
Max_used_connections 4
|
|
SELECT * FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME LIKE 'max_used_connections';
|
|
VARIABLE_NAME VARIABLE_VALUE
|
|
MAX_USED_CONNECTIONS 4
|
|
SET GLOBAL thread_cache_size=@save_thread_cache_size;
|
|
CREATE TABLE t1 ( a INT );
|
|
INSERT INTO t1 VALUES (1), (2);
|
|
SELECT a FROM t1 LIMIT 1;
|
|
a
|
|
1
|
|
SHOW SESSION STATUS LIKE 'Last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 2.402418
|
|
EXPLAIN SELECT a FROM t1;
|
|
id select_type table type possible_keys key key_len ref rows Extra
|
|
1 SIMPLE t1 ALL NULL NULL NULL NULL 2
|
|
SHOW SESSION STATUS LIKE 'Last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 2.402418
|
|
SELECT a FROM t1 UNION SELECT a FROM t1 ORDER BY a;
|
|
a
|
|
1
|
|
2
|
|
SHOW SESSION STATUS LIKE 'Last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 0.000000
|
|
EXPLAIN SELECT a FROM t1 UNION SELECT a FROM t1 ORDER BY a;
|
|
id select_type table type possible_keys key key_len ref rows Extra
|
|
1 PRIMARY t1 ALL NULL NULL NULL NULL 2
|
|
2 UNION t1 ALL NULL NULL NULL NULL 2
|
|
NULL UNION RESULT <union1,2> ALL NULL NULL NULL NULL NULL Using filesort
|
|
SHOW SESSION STATUS LIKE 'Last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 0.000000
|
|
SELECT a IN (SELECT a FROM t1) FROM t1 LIMIT 1;
|
|
a IN (SELECT a FROM t1)
|
|
1
|
|
SHOW SESSION STATUS LIKE 'Last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 0.000000
|
|
SELECT (SELECT a FROM t1 LIMIT 1) x FROM t1 LIMIT 1;
|
|
x
|
|
1
|
|
SHOW SESSION STATUS LIKE 'Last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 0.000000
|
|
SELECT * FROM t1 a, t1 b LIMIT 1;
|
|
a a
|
|
1 1
|
|
SHOW SESSION STATUS LIKE 'Last_query_cost';
|
|
Variable_name Value
|
|
Last_query_cost 4.805836
|
|
DROP TABLE t1;
|
|
show status like 'com_show_status';
|
|
Variable_name Value
|
|
Com_show_status 3
|
|
show status like 'hand%write%';
|
|
Variable_name Value
|
|
Handler_write 5
|
|
show status like '%tmp%';
|
|
Variable_name Value
|
|
Created_tmp_disk_tables 0
|
|
Created_tmp_files 0
|
|
Created_tmp_tables 0
|
|
show status like 'hand%write%';
|
|
Variable_name Value
|
|
Handler_write 7
|
|
show status like '%tmp%';
|
|
Variable_name Value
|
|
Created_tmp_disk_tables 0
|
|
Created_tmp_files 0
|
|
Created_tmp_tables 0
|
|
show status like 'com_show_status';
|
|
Variable_name Value
|
|
Com_show_status 8
|
|
rnd_diff tmp_table_diff
|
|
20 8
|
|
flush status;
|
|
show status like 'Com%function';
|
|
Variable_name Value
|
|
Com_alter_function 0
|
|
Com_create_function 0
|
|
Com_drop_function 0
|
|
create function f1 (x INTEGER) returns integer
|
|
begin
|
|
declare ret integer;
|
|
set ret = x * 10;
|
|
return ret;
|
|
end //
|
|
drop function f1;
|
|
show status like 'Com%function';
|
|
Variable_name Value
|
|
Com_alter_function 0
|
|
Com_create_function 1
|
|
Com_drop_function 1
|
|
create database db37908;
|
|
create table db37908.t1(f1 int);
|
|
insert into db37908.t1 values(1);
|
|
grant usage,execute on test.* to mysqltest_1@localhost;
|
|
create procedure proc37908() begin select 1; end |
|
|
create function func37908() returns int sql security invoker
|
|
return (select * from db37908.t1 limit 1)|
|
|
select * from db37908.t1;
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1'
|
|
show status where variable_name ='uptime' and 2 in (select * from db37908.t1);
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1'
|
|
show procedure status where name ='proc37908' and 1 in (select f1 from db37908.t1);
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1'
|
|
show function status where name ='func37908' and 1 in (select func37908());
|
|
ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1'
|
|
drop database db37908;
|
|
drop procedure proc37908;
|
|
drop function func37908;
|