mirror of
https://github.com/MariaDB/server.git
synced 2025-02-01 19:41:47 +01:00
91223c4d25
The problem was that UNINSTALL PLUGIN wasn't performing privilege checks before removing a plugin. Any user (including users without any kind of privileges) could uninstall any plugin. The solution is to verify if the user has the DELETE privilege for the mysql.plugin table before uninstalling a plugin.
11 lines
393 B
Text
11 lines
393 B
Text
#
|
|
# Bug#51770: UNINSTALL PLUGIN requires no privileges
|
|
#
|
|
GRANT INSERT ON mysql.plugin TO bug51770@localhost;
|
|
INSTALL PLUGIN example SONAME 'ha_example.so';
|
|
UNINSTALL PLUGIN example;
|
|
ERROR 42000: DELETE command denied to user 'bug51770'@'localhost' for table 'plugin'
|
|
GRANT DELETE ON mysql.plugin TO bug51770@localhost;
|
|
FLUSH PRIVILEGES;
|
|
UNINSTALL PLUGIN example;
|
|
DROP USER bug51770@localhost;
|