← Back to team overview

maria-developers team mailing list archive

Re: 326db1a: Mdev-14853 Grant does not work correctly when table contains...


Hi, Sachin!

On Apr 26, sachin wrote:
> revision-id: 326db1a2aaa9b275a1a21a863e8cd2d9fa1b1d5f (mariadb-10.3.6-46-g326db1a)
> parent(s): 9477a2a9ba17c0db362e2bb39d5048e369096f39
> author: Sachin Setiya
> committer: Sachin Setiya
> timestamp: 2018-04-26 12:47:25 +0530
> message:
> Mdev-14853 Grant does not work correctly when table contains...
> This commit does multiple things to solve this mdev
> 1st add field into the parameter of check_column_grant_in_table_ref, so that
> we can find out field invisibility.
> 2nd If field->invisible >= INVISIBLE_SYSTEM skip access check and simple
> grant access.

Looks ok. A couple of comments about the test:

1. I suppose now you can use system versioning to test system invisible
   fields, so there's no need to limit this test to debug-only builds.

2. please test a case when a user has *no* privileges on the table at
   all. To make sure he cannot select always-readable system invisible

and change the capitalization in the commit comment to say MDEV not
Mdev - I suspect this was the reason why Jira didn't pick up your commit.

Chief Architect MariaDB
and security@xxxxxxxxxxx