Gentoo's Bugzilla – Attachment 138868 Details for
Bug 201669
dev-db/mysql < 5.0.54 dev-db/mysql-community <5.0.51a RENAME TABLE system table replace (CVE-2007-{5969,6303,6304})
[patch]
CVE-2007-6303.patch
CVE-2007-6303.patch (text/plain), 6.55 KB, created by
Robert Buchholz (RETIRED)
on 2007-12-19 02:47:07 UTC
Description:
CVE-2007-6303.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-12-19 02:47:07 UTC
Size:
6.55 KB
>Index: mysql/mysql-test/r/view_grant.result
>===================================================================
>--- mysql.orig/mysql-test/r/view_grant.result
>+++ mysql/mysql-test/r/view_grant.result
>@@ -776,15 +776,59 @@ GRANT CREATE VIEW ON db26813.v2 TO u2681
> GRANT DROP, CREATE VIEW ON db26813.v3 TO u26813@localhost;
> GRANT SELECT ON db26813.t1 TO u26813@localhost;
> ALTER VIEW v1 AS SELECT f2 FROM t1;
>-ERROR 42000: CREATE VIEW command denied to user 'u26813'@'localhost' for table 'v1'
>+ERROR 42000: Access denied; you need the SUPER privilege for this operation
> ALTER VIEW v2 AS SELECT f2 FROM t1;
>-ERROR 42000: DROP command denied to user 'u26813'@'localhost' for table 'v2'
>+ERROR 42000: Access denied; you need the SUPER privilege for this operation
> ALTER VIEW v3 AS SELECT f2 FROM t1;
>+ERROR 42000: Access denied; you need the SUPER privilege for this operation
> SHOW CREATE VIEW v3;
> View Create View
>-v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f2` AS `f2` from `t1`
>+v3 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v3` AS select `t1`.`f1` AS `f1` from `t1`
> DROP USER u26813@localhost;
> DROP DATABASE db26813;
>+#
>+# Bug#29908: A user can gain additional access through the ALTER VIEW.
>+#
>+CREATE DATABASE mysqltest_29908;
>+USE mysqltest_29908;
>+CREATE TABLE t1(f1 INT, f2 INT);
>+CREATE USER u29908_1@localhost;
>+CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1;
>+CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS
>+SELECT f1 FROM t1;
>+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
>+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
>+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost;
>+CREATE USER u29908_2@localhost;
>+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
>+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
>+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost;
>+ALTER VIEW v1 AS SELECT f2 FROM t1;
>+ERROR 42000: Access denied; you need the SUPER privilege for this operation
>+ALTER VIEW v2 AS SELECT f2 FROM t1;
>+SHOW CREATE VIEW v2;
>+View Create View
>+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
>+ALTER VIEW v1 AS SELECT f2 FROM t1;
>+SHOW CREATE VIEW v1;
>+View Create View
>+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f2` AS `f2` from `t1`
>+ALTER VIEW v2 AS SELECT f1 FROM t1;
>+SHOW CREATE VIEW v2;
>+View Create View
>+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f1` AS `f1` from `t1`
>+ALTER VIEW v1 AS SELECT f1 FROM t1;
>+SHOW CREATE VIEW v1;
>+View Create View
>+v1 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select `t1`.`f1` AS `f1` from `t1`
>+ALTER VIEW v2 AS SELECT f2 FROM t1;
>+SHOW CREATE VIEW v2;
>+View Create View
>+v2 CREATE ALGORITHM=UNDEFINED DEFINER=`u29908_1`@`localhost` SQL SECURITY INVOKER VIEW `v2` AS select `t1`.`f2` AS `f2` from `t1`
>+DROP USER u29908_1@localhost;
>+DROP USER u29908_2@localhost;
>+DROP DATABASE mysqltest_29908;
>+#######################################################################
> DROP DATABASE IF EXISTS mysqltest1;
> DROP DATABASE IF EXISTS mysqltest2;
> CREATE DATABASE mysqltest1;
>Index: mysql/mysql-test/t/view_grant.test
>===================================================================
>--- mysql.orig/mysql-test/t/view_grant.test
>+++ mysql/mysql-test/t/view_grant.test
>@@ -1034,10 +1034,11 @@ GRANT SELECT ON db26813.t1 TO u26813@loc
>
> connect (u1,localhost,u26813,,db26813);
> connection u1;
>---error 1142
>+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
> ALTER VIEW v1 AS SELECT f2 FROM t1;
>---error 1142
>+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
> ALTER VIEW v2 AS SELECT f2 FROM t1;
>+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
> ALTER VIEW v3 AS SELECT f2 FROM t1;
>
> connection root;
>@@ -1047,6 +1048,50 @@ DROP USER u26813@localhost;
> DROP DATABASE db26813;
> disconnect u1;
>
>+--echo #
>+--echo # Bug#29908: A user can gain additional access through the ALTER VIEW.
>+--echo #
>+connection root;
>+CREATE DATABASE mysqltest_29908;
>+USE mysqltest_29908;
>+CREATE TABLE t1(f1 INT, f2 INT);
>+CREATE USER u29908_1@localhost;
>+CREATE DEFINER = u29908_1@localhost VIEW v1 AS SELECT f1 FROM t1;
>+CREATE DEFINER = u29908_1@localhost SQL SECURITY INVOKER VIEW v2 AS
>+ SELECT f1 FROM t1;
>+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v1 TO u29908_1@localhost;
>+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_1@localhost;
>+GRANT SELECT ON mysqltest_29908.t1 TO u29908_1@localhost;
>+CREATE USER u29908_2@localhost;
>+GRANT DROP, CREATE VIEW ON mysqltest_29908.v1 TO u29908_2@localhost;
>+GRANT DROP, CREATE VIEW, SHOW VIEW ON mysqltest_29908.v2 TO u29908_2@localhost;
>+GRANT SELECT ON mysqltest_29908.t1 TO u29908_2@localhost;
>+
>+connect (u2,localhost,u29908_2,,mysqltest_29908);
>+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
>+ALTER VIEW v1 AS SELECT f2 FROM t1;
>+ALTER VIEW v2 AS SELECT f2 FROM t1;
>+SHOW CREATE VIEW v2;
>+
>+connect (u1,localhost,u29908_1,,mysqltest_29908);
>+ALTER VIEW v1 AS SELECT f2 FROM t1;
>+SHOW CREATE VIEW v1;
>+ALTER VIEW v2 AS SELECT f1 FROM t1;
>+SHOW CREATE VIEW v2;
>+
>+connection root;
>+ALTER VIEW v1 AS SELECT f1 FROM t1;
>+SHOW CREATE VIEW v1;
>+ALTER VIEW v2 AS SELECT f2 FROM t1;
>+SHOW CREATE VIEW v2;
>+
>+DROP USER u29908_1@localhost;
>+DROP USER u29908_2@localhost;
>+DROP DATABASE mysqltest_29908;
>+disconnect u1;
>+disconnect u2;
>+--echo #######################################################################
>+
> #
> # BUG#24040: Create View don't succed with "all privileges" on a database.
> #
>Index: mysql/sql/sql_view.cc
>===================================================================
>--- mysql.orig/sql/sql_view.cc
>+++ mysql/sql/sql_view.cc
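Review bot: The Bug#29908 block added to view_grant.test has only one negative case, u29908_2 altering the body of v1. It then records that u29908_2 may alter v2, which is SQL SECURITY INVOKER with DEFINER u29908_1, but no statement covers that non-definer changing v2's SQL SECURITY mode or supplying a DEFINER clause on ALTER VIEW. Whether those statements are rejected cannot be seen from the visible hunks, so I would add both under `--error ER_SPECIFIC_ACCESS_DENIED_ERROR` next to the existing v1 case. A short `--echo # as u29908_2` style marker before each connection switch would also make the .result file show which user ran each ALTER.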
>@@ -224,9 +224,6 @@ bool mysql_create_view(THD *thd, TABLE_L
> {
> LEX *lex= thd->lex;
> bool link_to_local;
>-#ifndef NO_EMBEDDED_ACCESS_CHECKS
>- bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer;
>-#endif
> /* first table in list is target VIEW name => cut off it */
> TABLE_LIST *view= lex->unlink_first_table(&link_to_local);
> TABLE_LIST *tables= lex->query_tables;
>@@ -281,7 +278,7 @@ bool mysql_create_view(THD *thd, TABLE_L
> - same as current user
> - current user has SUPER_ACL
> */
>- if (definer_check_is_needed &&
>+ if (lex->definer &&
> (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
> my_strcasecmp(system_charset_info,
> lex->definer->host.str,
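Review bot: In the second sql_view.cc hunk the SUPER check is now gated on `lex->definer` alone, so it is skipped whenever that pointer is NULL. The ER_SPECIFIC_ACCESS_DENIED_ERROR that view_grant.test expects for a plain `ALTER VIEW v1 AS ...` implies that something fills lex->definer from the stored view before this point, but that code is not in the visible hunks. I would state the dependency at the check, e.g. `/* For ALTER VIEW without a DEFINER clause lex->definer must already hold the stored definer; if it is NULL this check does not run. */`. mysql_create_view starts before and continues past both hunks, so the ordering of that fill relative to the check should be confirmed in the full function.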
Attachments on
bug 201669
:
138867
| 138868 |
138869