• unknown's avatar
    Bug#27878: Unchecked privileges on a view referring to a table from another · 04efdb15
    unknown authored
    database.
    
    If a user has a right to update anything in the current database then the 
    access was granted and further checks of access rights for underlying tables
    wasn't done correctly. The check is done before a view is opened and thus no
    check of access rights for underlying tables can be carried out.
    This allows a user to update through a view a table from another database for
    which he hasn't enough rights.
    
    Now the mysql_update() and the mysql_test_update() functions are forces
    re-checking of access rights after a view is opened.
    
    
    mysql-test/t/grant.test:
      Added a test case for the bug#27878: Unchecked privileges on a view referring to a table from another database.
    mysql-test/r/grant.result:
      Added a test case for the bug#27878: Unchecked privileges on a view referring to a table from another database.
    sql/sql_update.cc:
      Bug#27878: Unchecked privileges on a view referring to a table from another 
      database.
      Now the mysql_update() function forces re-checking of access rights after 
      the view is opened.
    sql/sql_prepare.cc:
      Bug#27878: Unchecked privileges on a view referring to a table from another 
      database.
      Now the mysql_test_update() function forces re-checking of access rights after
      the view is opened.
    04efdb15
sql_update.cc 46.1 KB