mirror of
https://github.com/MariaDB/server.git
synced 2025-01-23 23:34:34 +01:00
MariaDB server is a community developed fork of MySQL server. Started by core members of the original MySQL team, MariaDB actively works with outside developers to deliver the most featureful, stable, and sanely licensed open SQL server in the industry.
amazon-web-servicesdatabasefulltext-searchgalerageographical-information-systeminnodbjsonmariadbmysqlrdbmsrelational-databasessqlstorage-enginevector-database
d7743c41c6
The check for view security was lacking several points : 1. Check with the right set of permissions : for each table ref that participates in a view there were the right credentials to use in it's security_ctx member, but these weren't used for checking the credentials. This makes hard enforcing the SQL SECURITY DEFINER|INVOKER property consistently. 2. Because of the above the security checking for views was just ruled out in explicit ways in several places. 3. The security was checked only for the columns of the tables that are brought into the query from a view. So if there is no column reference outside of the view definition it was not detecting the lack of access to the tables in the view in SQL SECURITY INVOKER mode. The fix below tries to fix the above 3 points. mysql-test/r/grant.result: removed nondeterminism (unspecified order) in some test output mysql-test/r/view_grant.result: Somewhat extended test case for the bug and similar queries. mysql-test/t/grant.test: removed nondeterminism (unspecified order) in some test output mysql-test/t/view_grant.test: Somewhat extended test case for the bug and similar queries. sql/mysql_priv.h: A wrapper for setup_tables that also checks access to the tables sql/sql_acl.cc: removed artificial security check stop and used the table ref's credentials. sql/sql_base.cc: a wrapper for setup_tables to check access to the tables sql/sql_delete.cc: wrapper called. sql/sql_insert.cc: wrapper called sql/sql_load.cc: wrapper called sql/sql_parse.cc: wrapper called and artificial check stop removed sql/sql_select.cc: wrapper called sql/sql_update.cc: wrapper called sql/table.cc: Mask table access to the view error as well. |
||
|---|---|---|
| bdb | ||
| BitKeeper | ||
| BUILD | ||
| client | ||
| cmd-line-utils | ||
| config/ac-macros | ||
| dbug | ||
| Docs | ||
| extra | ||
| heap | ||
| include | ||
| innobase | ||
| libmysql | ||
| libmysql_r | ||
| libmysqld | ||
| man | ||
| myisam | ||
| myisammrg | ||
| mysql-test | ||
| mysys | ||
| ndb | ||
| netware | ||
| os2 | ||
| pstack | ||
| regex | ||
| scripts | ||
| server-tools | ||
| sql | ||
| sql-bench | ||
| sql-common | ||
| SSL | ||
| strings | ||
| support-files | ||
| tests | ||
| tools | ||
| VC++Files | ||
| vio | ||
| zlib | ||
| .bzrignore | ||
| .cvsignore | ||
| configure.in | ||
| COPYING | ||
| Makefile.am | ||
| README | ||
This is a release of MySQL, a dual-license SQL database server. MySQL is brought to you by the MySQL team at MySQL AB. License information can be found in these files: - For GPL (free) distributions, see the COPYING file. - For commercial distributions, see the MySQLEULA.txt file. For further information about MySQL or additional documentation, see: - The latest information about MySQL: http://www.mysql.com - The current MySQL documentation: http://dev.mysql.com/doc Some manual sections of special interest: - If you are migrating from an older version of MySQL, please read the "Upgrading from..." section first! - To see what MySQL can do, take a look at the features section. - For installation instructions, see the Installation chapter. - For future plans, see the TODO appendix. - For the new features/bugfix history, see the News appendix. - For the currently known bugs/misfeatures (known errors) see the problems appendix. - For a list of developers and other contributors, see the Credits appendix. A local copy of the MySQL Reference Manual can be found in the Docs directory in GNU Info format. You can also browse the manual online or download it in any of several formats at the URL given earlier in this file. ************************************************************ IMPORTANT: Bug or error reports should be sent to http://bugs.mysql.com.