← Back to team overview

ourdelta-developers team mailing list archive

Re: [Bug 352840] Re: INNODB_BUFFER_POOL_CONTENT privacy issue

 

I have a guess at how to fix this, but at the moment I don't have
access to a sane build environment...Could someone test the following
diff which I made against mysql-5.0.77-d8-ourdelta.  The file in
question is sql/sql_parse.cc

***************
*** 3000,3019 ****
--- 3000,3024 ----
    case SCH_CHARSETS:
    case SCH_COLLATIONS:
    case SCH_COLLATION_CHARACTER_SET_APPLICABILITY:
    case SCH_USER_PRIVILEGES:
    case SCH_SCHEMA_PRIVILEGES:
    case SCH_TABLE_PRIVILEGES:
    case SCH_COLUMN_PRIVILEGES:
    case SCH_TABLE_CONSTRAINTS:
    case SCH_KEY_COLUMN_USAGE:
    case SCH_INNODB_I_S_BUFFER_POOL_CONTENT:
+   {
+      if (check_global_access(thd, SUPER_ACL))
+      goto error;
+   }
+
    default:
      break;
    }

    SELECT_LEX *select_lex= lex->current_select;
    if (make_schema_select(thd, select_lex, schema_table_idx))
    {
      DBUG_RETURN(1);
    }
    TABLE_LIST *table_list= (TABLE_LIST*) select_lex->table_list.first;


-- 
Rob Wultsch
wultsch@xxxxxxxxx

-- 
INNODB_BUFFER_POOL_CONTENT privacy issue
https://bugs.launchpad.net/bugs/352840
You received this bug notification because you are a member of OurDelta-
developers, which is the registrant for OurDelta.

Status in OurDelta - Builds for MySQL: Confirmed
Status in Patches for MySQL by Percona: New

Bug description:
INNODB_BUFFER_POOL_CONTENT does not prune rows returned in terms of what databases/tables the requesting user has access to. In many environments it is unacceptable for user to have access to data about the names of all database and table that exist on the instance.

I suggest that access to INNODB_BUFFER_POOL_CONTENT be restricted to user that have the SUPER privilege.



References