| Bug #7043 | SHOW CREATE TABLE security hole | | |
|---|---|---|---|
| Submitted: | 6 Dec 2004 16:43 | Modified: | 7 Dec 2004 19:55 | 
| Reporter: | Gabor Kiss | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S2 (Serious) | 
| Version: | 4.1.7-log | OS: | Linux (Linux) | 
| Assigned to: | | CPU Architecture: | Any |
   [6 Dec 2004 17:53]
   MySQL Verification Team        
  Verified on latest BK source.
   [7 Dec 2004 19:55]
   Jani Tolonen        
  Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.
If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html
 
Description:

SHOW CREATE TABLE reveals table structure even if user has no permissions to do anything with a table.

How to repeat:

```
mysql> describe tapes;
ERROR 1142 (42000): select command denied to user 'guest2'@'myhost.mydoma.in' for table 'tapes'
mysql> show create table `tapes` \G
*************************** 1. row ***************************
       Table: tapes
Create Table: CREATE TABLE `tapes` (
  `tape` smallint(6) NOT NULL default '0',
  `id` varchar(10) default NULL,
  `fleet` varchar(10) default '',
  `last_time` datetime default NULL,
  PRIMARY KEY  (`tape`),
  UNIQUE KEY `id` (`id`,`fleet`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1
1 row in set (0.01 sec)

mysql>
```
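
A regression check for the behaviour reported above, added here as an example; it is not part of the original report or of MySQL's own test suite. The database `bug7043_demo`, the sibling table `public_notes`, the host `localhost` and the password are constructed for illustration, and the `CREATE USER` syntax assumes a current MySQL server rather than 4.1.

```sql
-- Added example: regression check for the behaviour reported in Bug #7043.
-- Constructed names: bug7043_demo, public_notes, 'guest2'@'localhost' and the
-- placeholder password. Run parts 1 and 3 as an administrator.

-- Part 1 (admin): the protected table from the report, plus one table the
-- test account is allowed to read so that it has a reason to be in the schema.
CREATE DATABASE bug7043_demo;
CREATE TABLE bug7043_demo.tapes (
  `tape` smallint(6) NOT NULL default '0',
  `id` varchar(10) default NULL,
  `fleet` varchar(10) default '',
  `last_time` datetime default NULL,
  PRIMARY KEY (`tape`),
  UNIQUE KEY `id` (`id`,`fleet`)
);
CREATE TABLE bug7043_demo.public_notes (id INT PRIMARY KEY);
CREATE USER 'guest2'@'localhost' IDENTIFIED BY 'CHANGE_ME-constructed-placeholder';
GRANT SELECT ON bug7043_demo.public_notes TO 'guest2'@'localhost';

-- Part 2 (connected as guest2): the account holds no privilege on `tapes`,
-- so every statement that would describe that table must be refused.
SHOW GRANTS FOR CURRENT_USER();        -- expect USAGE plus SELECT on public_notes only
SHOW TABLES FROM bug7043_demo;         -- expect public_notes; tapes must not be listed
DESCRIBE bug7043_demo.tapes;           -- expect access denied (ERROR 1142 in the report)
SHOW INDEX FROM bug7043_demo.tapes;    -- should likewise be refused
SHOW CREATE TABLE bug7043_demo.tapes;  -- must be refused; the 4.1.7 server in the
                                       -- report printed the full CREATE TABLE here
SHOW CREATE TABLE bug7043_demo.public_notes;  -- control: allowed, shows the session works

-- Part 3 (admin): clean up.
DROP USER 'guest2'@'localhost';
DROP DATABASE bug7043_demo;
```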