Georgi Kodinov 71b453fa06 Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. ... This is the 5.1 merge and extension of the fix. The server was happily accepting paths in table name in all places a table name is accepted (e.g. a SELECT). This allowed all users that have some privilege over some database to read all tables in all databases in all mysql server instances that the server file system has access to. Fixed by : 1. making sure no path elements are allowed in quoted table name when constructing the path (note that the path symbols are still valid in table names when they're properly escaped by the server). 2. checking the #mysql50# prefixed names the same way they're checked for path elements in mysql-5.0.		2010-05-04 17:03:28 +03:00
..
1st.result
alias.result
almost_full.result
alter_table-big.result
alter_table.result
analyse.result
analyze.result
ansi.result
archive-big.result
archive.result
archive_bitfield.result
archive_gis.result
auto_increment.result
backup.result
bench_count_distinct.result
big_test.require
bigint.result
binary.result
binlog_tx_isolation.result
bool.result
bootstrap.result
bug39022.result
bug46080.result
bug46261.result
bug46760.result
bug47671.result
bulk_replace.result
cache_innodb.result
case.result
case_insensitive_file_system.require
case_insensitive_fs.require
case_sensitive_file_system.require
cast.result
change_user.result
check.result
check_var_limit.require
client_xml.result
comments.result
commit_1innodb.result
compare.result
compress.result
concurrent_innodb_safelog.result
concurrent_innodb_unsafelog.result
connect.result
consistent_snapshot.result
constraints.result
contributors.result
count_distinct.result
count_distinct2.result
count_distinct3.result
crash_commit_before.result
create-big.result
create.result
create_not_windows.result
create_select_tmp.result
csv.result
csv_alter_table.result
csv_not_null.result
ctype_ascii.result
ctype_big5.result
ctype_collate.result
ctype_cp932_binlog_row.result
ctype_cp932_binlog_stm.result
ctype_cp1250_ch.result
ctype_cp1251.result
ctype_create.result
ctype_eucjpms.result
ctype_euckr.result
ctype_filename.result
ctype_filesystem.result
ctype_gb2312.result
ctype_gbk.result
ctype_gbk_binlog.result
ctype_hebrew.result
ctype_latin1.result
ctype_latin1_de.result
ctype_latin2.result
ctype_latin2_ch.result
ctype_ldml.result
ctype_many.result
ctype_mb.result
ctype_recoding.result
ctype_sjis.result
ctype_tis620.result
ctype_uca.result
ctype_ucs.result
ctype_ucs2_def.result
ctype_ujis.result
ctype_ujis_ucs2.result
ctype_utf8.result
date_formats.result
ddl_i18n_koi8r.result
ddl_i18n_utf8.result
deadlock_innodb.result
debug_sync.result
default.result
delayed.result
delete.result
derived.result
dirty_close.result
disabled_partition.require
distinct.result
drop.result
empty_table.result
endspace.result
error_simulation.result
errors.result
events_1.result
events_2.result
events_bugs.result
events_embedded.result
events_grant.result
events_logs_tests.result
events_microsec.result
events_restart.result
events_scheduling.result
events_stress.result
events_time_zone.result
events_trans.result
events_trans_notembedded.result
exampledb.result
execution_constants.result
explain.result
fix_priv_tables.result
flush.result
flush2.result
flush_block_commit.result
flush_block_commit_notembedded.result
flush_read_lock_kill.result
flush_table.result
foreign_key.result
fulltext.result
fulltext2.result
fulltext3.result
fulltext_cache.result
fulltext_distinct.result
fulltext_left_join.result
fulltext_multi.result
fulltext_order_by.result
fulltext_plugin.result
fulltext_update.result
fulltext_var.result
func_compress.result
func_concat.result
func_crypt.result
func_date_add.result
func_default.result
func_des_encrypt.result
func_encrypt.result
func_encrypt_nossl.result
func_equal.result
func_gconcat.result
func_group.result
func_group_innodb.result
func_if.result
func_in.result
func_isnull.result
func_like.result
func_math.result
func_misc.result
func_op.result
func_regexp.result
func_rollback.result
func_sapdb.result
func_set.result
func_str.result
func_system.result
func_test.result
func_time.result
func_timestamp.result
gcc296.result
gis-rtree.result
gis.result
grant.result
grant2.result
grant3.result
grant_cache_no_prot.result
grant_cache_ps_prot.result
grant_lowercase_fs.result
greedy_optimizer.result
group_by.result
group_min_max.result
group_min_max_innodb.result
handler_innodb.result
handler_myisam.result
have_big5.require
have_binlog_format_mixed.require
have_binlog_format_row.require
have_binlog_format_statement.require
have_community_features.require
have_compress.require
have_cp866.require
have_cp932.require
have_cp1250_ch.require
have_cp1251.require
have_crypt.require
have_debug.require
have_debug_sync.require
have_dynamic_loading.require
have_eucjpms.require
have_euckr.require
have_example_plugin.require
have_gb2312.require
have_gbk.require
have_geometry.require
have_koi8r.require
have_latin2_ch.require
have_local_infile.require
have_log_bin.require
have_met_timezone.require
have_moscow_leap_timezone.require
have_mysql_upgrade.result
have_ndb_extra.require
have_ndbapi_examples.require
have_outfile.require
have_partition.require
have_perror.require
have_query_cache.require
have_simple_parser.require
have_sjis.require
have_ssl.require
have_symlink.require
have_tis620.require
have_ucs2.require
have_udf_example.require
have_ujis.require
have_utf8.require
having.result
heap.result
heap_auto_increment.result
heap_btree.result
heap_hash.result
help.result
index_merge_innodb.result
index_merge_myisam.result
information_schema.result
information_schema_chmod.result
information_schema_db.result
information_schema_inno.result
information_schema_part.result
init_connect.result
init_file.result
innodb-autoinc-optimize.result
innodb-ucs2.result
innodb_autoinc_lock_mode_zero.result
innodb_bug30919.result
innodb_bug42419.result
innodb_gis.result
innodb_ignore_builtin.result
innodb_lock_wait_timeout_1.result
innodb_mysql.result
innodb_mysql_rbk.result
innodb_notembedded.result
innodb_timeout_rollback.result
insert.result
insert_notembedded.result
insert_select.result
insert_update.result
is_debug_build.require
is_embedded.require
isam.result
join.result
join_crash.result
join_nested.result
join_outer.result
join_outer_innodb.result
key.result
key_cache.result
key_diff.result
key_primary.result
keywords.result
kill.result
limit.result
loaddata.result
loaddata_autocom_innodb.result
locale.result
lock.result
lock_multi.result
lock_multi_bug38499.result
lock_multi_bug38691.result
lock_tables_lost_commit.result
log_state.result
log_tables-big.result
log_tables.result
log_tables_debug.result
log_tables_upgrade.result
long_tmpdir.result
lowercase0.require
lowercase1.require
lowercase2.require
lowercase_fs_off.result
lowercase_mixed_tmpdir.result
lowercase_mixed_tmpdir_innodb.result
lowercase_table.result
lowercase_table2.result
lowercase_table3.result
lowercase_table_grant.result
lowercase_table_qcache.result
lowercase_utf8.result
lowercase_view.result
merge-big.result
merge.result
merge_innodb.result
metadata.result
mix2_myisam.result
mix2_myisam_ucs2.result
multi_statement.result
multi_update.result
multi_update2.result
multi_update_tiny_hash.result
myisam-blob.result
myisam-system.result
myisam.result
myisam_crash_before_flush_keys.result
myisam_debug.result
myisampack.result
mysql-bug41486.result
mysql-bug45236.result
mysql.result
mysql_client_test.result
mysql_comments.result
mysql_cp932.result
mysql_protocols.result
mysql_upgrade.result
mysqladmin.result
mysqlbinlog-cp932.result
mysqlbinlog.result
mysqlbinlog2.result
mysqlbinlog_base64.result
mysqlbinlog_row.result
mysqlbinlog_row_big.result
mysqlbinlog_row_innodb.result
mysqlbinlog_row_myisam.result
mysqlbinlog_row_trans.result
mysqlcheck.result
mysqldump-compat.result
mysqldump-max.result
mysqldump-no-binlog.result
mysqldump.result
mysqldump_restore.result
mysqlshow.result
mysqlslap.result
mysqltest.result
named_pipe.result
ndb_default_cluster.require
negation_elimination.result
no-threads.result
no_binlog.result
not_embedded.require
not_embedded_server.result
not_ndb.require
not_ndb_default.require
not_openssl.require
not_partition.require
not_partition.result
not_true.require
not_valgrind.require
not_windows.require
null.result
null_key.result
odbc.result
olap.result
one_thread_per_connection.require
openssl_1.result
order_by.result
order_fill_sortbuf.result
outfile.result
outfile_loaddata.result
overflow.result
packet.result
parser.result
parser_bug21114_innodb.result
parser_not_embedded.result
parser_precedence.result
parser_stack.result
partition.result
partition_archive.result
partition_blackhole.result
partition_bug18198.result
partition_charset.result
partition_csv.result
partition_datatype.result
partition_debug_sync.result
partition_disabled.result
partition_error.result
partition_federated.result
partition_grant.result
partition_hash.result
partition_innodb.result
partition_innodb_builtin.result
partition_innodb_plugin.result
partition_innodb_semi_consistent.result
partition_innodb_stmt.result
partition_list.result
partition_mgm.result
partition_mgm_err.result
partition_mgm_err2.result
partition_not_embedded.result
partition_not_windows.result
partition_open_files_limit.result
partition_order.result
partition_pruning.result
partition_range.result
partition_rename_longfilename.result
partition_symlink.result
partition_windows.result
perror-win.result
perror.result
plugin.result
plugin_load.result
plugin_not_embedded.result
preload.result
profiling.result
ps.result
ps_1general.result
ps_2myisam.result
ps_3innodb.result
ps_4heap.result
ps_5merge.result
ps_10nestset.result
ps_11bugs.result
ps_ddl.result
ps_ddl1.result
ps_grant.result
ps_not_windows.result
query_cache.result
query_cache_28249.result
query_cache_debug.result
query_cache_merge.result
query_cache_notembedded.result
query_cache_ps_no_prot.result
query_cache_ps_ps_prot.result
query_cache_with_views.result
raid.result
range.result
read_many_rows_innodb.result
read_only.result
read_only_innodb.result
rename.result
renamedb.result
repair.result
replace.result
rollback.result
round.result
row.result
rowid_order_innodb.result
rpl_colSize.result
rpl_extraColmaster_innodb.result
rpl_extraColmaster_myisam.result
schema.result
select.result
select_found.result
select_safe.result
server_id.require
server_id1.require
shm.result
show_check.result
skip_grants.result
skip_log_bin.result
skip_name_resolve.result
slave-running.result
slave-stopped.result
sp-big.result
sp-bugs.result
sp-code.result
sp-destruct.result
sp-dynamic.result
sp-error.result
sp-fib.result
sp-prelocking.result
sp-security.result
sp-threads.result
sp-ucs2.result
sp-vars.result
sp.result
sp_gis.result
sp_notembedded.result
sp_stress_case.result
sp_sync.result
sp_trans.result
sp_trans_log.result
sql_mode.result
ssl-big.result
ssl.result
ssl_8k_key.result
ssl_compress.result
ssl_connect.result
status.result
status2.result
strict.result
strict_autoinc_1myisam.result
strict_autoinc_2innodb.result
strict_autoinc_3heap.result
subselect.result
subselect2.result
subselect3.result
subselect4.result
subselect_debug.result
subselect_gis.result
subselect_innodb.result
subselect_notembedded.result
sum_distinct-big.result
sum_distinct.result
symlink.result
synchronization.result
sysdate_is_now.result
system_mysql_db.result
system_mysql_db_refs.result
tablelock.result
temp_table.result
testdb_only.require
timezone.result
timezone2.result
timezone3.result
timezone4.result
timezone_grant.result
trigger-compat.result
trigger-trans.result
trigger.result
trigger_notembedded.result
true.require
truncate.result
type_binary.result
type_bit.result
type_bit_innodb.result
type_blob.result
type_date.result
type_datetime.result
type_decimal.result
type_enum.result
type_float.result
type_nchar.result
type_newdecimal-big.result
type_newdecimal.result
type_ranges.result
type_set.result
type_time.result
type_timestamp.result
type_uint.result
type_varchar.result
type_year.result
udf.result
udf_skip_grants.result
union.result
unsafe_binlog_innodb.result
update.result
upgrade.result
user_limits.result
user_var-binlog.result
user_var.result
varbinary.result
variables-big.result
variables-notembedded.result
variables.result
variables_community.result
variables_debug.result
view.result
view_alias.result
view_grant.result
wait_timeout.result
warnings.result
warnings_engine_disabled.result
windows.require
windows.result
xa.result
xml.result