• unknown's avatar
    BUG#7391 - Cross-database multi-table UPDATE uses active database · 74465080
    unknown authored
               privileges
    
    This problem is 4.1 specific. It doesn't affect 4.0 and was fixed
    in 5.x before.
    
    Having any mysql user who is allowed to issue multi table update
    statement and any column/table grants, allows this user to update
    any table on a server (mysql grant tables are not exception).
    
    check_grant() accepts number of tables (in table list) to be checked
    in 5-th param. While checking grants for multi table update, number
    of tables must be 1. It must never be 0 (actually we have
    DBUG_ASSERT(number > 0) in 5.x in grant_check() function).
    
    
    mysql-test/r/grant.result:
      Addition to test case for bug#7391:
      - Added grant statement to trigger this problem in 4.1.
      - Fixed error messages.
    mysql-test/t/grant.test:
      Addition to test case for bug#7391:
      - Added grant statement to trigger this problem in 4.1.
      - Fixed error messages.
    sql/sql_update.cc:
      check_grant() accepts number of tables (in table list) to be checked
      in 5-th param. For this particular check number of tables must be 1.
      It must never be 0 (actually we have DBUG_ASSERT(number > 0) in 5.x
      in grant_check() function).
    74465080
grant.result 23.7 KB