MySQL Bugs: #36086: SELECT * from views don't check column grants

Bug #36086	SELECT * from views don't check column grants
Submitted:	15 Apr 2008 9:09	Modified:	17 Oct 2008 17:26
Reporter:	Martin Hansson	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: Security: Privileges	Severity:	S3 (Non-critical)
Version:	5.0, 5.1, 6.0	OS:	Any
Assigned to:	Martin Hansson	CPU Architecture:	Any
Tags:	grant, grants, privileges, VIEW

Description:
When the user issues a 'SELECT * FROM <view>', the individual column grants are not checked.

How to repeat:
CREATE USER mysqluser1@localhost;
CREATE DATABASE mysqltest1;

USE mysqltest1;

CREATE VIEW v1 AS SELECT 1 AS a, 2 AS b;

# Note: We grant SELECT only on (a)
GRANT SELECT( a ) ON v1 TO mysqluser1@localhost;

--connect (connection1, localhost, mysqluser1, , )

# Should give error but does not
--error 1143
SELECT * FROM mysqltest1.v1;

--connection default
DROP VIEW v1;
DROP DATABASE mysqltest1;
DROP USER mysqluser1@localhost;

Thank you for the bug report. Verified as described.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/45543

ChangeSet@1.2636, 2008-04-17 14:38:41+02:00, mhansson@riffraff.(none) +7 -0
  Bug#36086: SELECT * from views don't check column grants
  
  A "SELECT *" against an ALGORITHM=TEMPTABLE view was 
  wrongfully treated as derived table (i.e. access checking
  was skipped). Fixed by introducing a predicate to tell
  the difference.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/45558

ChangeSet@1.2636, 2008-04-17 17:12:28+02:00, mhansson@riffraff.(none) +5 -0
  Bug#36086: SELECT * from views don't check column grants
  
  A "SELECT *" against an ALGORITHM=TEMPTABLE view was 
  wrongfully treated as derived table (i.e. access checking
  was skipped). Fixed by introducing a predicate to tell
  the difference.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/45760

ChangeSet@1.2621, 2008-04-21 15:19:05+02:00, mhansson@riffraff.(none) +5 -0
  Bug#36086: SELECT * from views don't check column grants
  
  A "SELECT *" against an ALGORITHM=TEMPTABLE view was 
  wrongfully treated as derived table, i.e. access checking
  was skipped. (From SQL:2003 std sect. 4.3: "The result of a 
  query is called a derived table"). Fixed by introducing a 
  predicate to tell the difference.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/45765

ChangeSet@1.2621, 2008-04-21 15:45:48+02:00, mhansson@riffraff.(none) +5 -0
  Bug#36086: SELECT * from views don't check column grants
  
  A "SELECT *" against an ALGORITHM=TEMPTABLE view was 
  wrongfully treated as derived table, i.e. access checking
  was skipped. (From SQL:2003 std sect. 4.3: "The result of a 
  query is called a derived table"). Fixed by introducing a 
  predicate to tell the difference.

After discussion with theK, we decided to use the following nomenclature. It is based on the SQL:2003 standard sect 4.14.2 Types of tables:

- A derived table can be either a view or the result of a subquery.

- A view is a named derived table.

- The result of a subquery is an anonymous derived table. The standard does not give a name to the concept, but this seems an obvious name that is unused in the standard.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/47062

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/47081

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/47739

2666 Martin Hansson	2008-06-11
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
          
      - In many place a view was confused with an anonymous derived table, 
        i.e. access checking was skipped. Fixed by introducing a predicate 
        to tell the difference between named and anonymous derived tables.
          
      - When inserting fields for "SELECT * ", there was no distinction made
        between base tables and views when it should have. View privileges are 
        checked elsewhere.
          
      - Privileges for TEMPTABLE views should not be checked in check_grant.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/48143

2666 Martin Hansson	2008-06-19
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                
      - In many place a view was confused with an anonymous derived table, 
        i.e. access checking was skipped. Fixed by introducing a predicate 
        to tell the difference between named and anonymous derived tables.
                
      - When inserting fields for "SELECT * ", there was no distinction made
        between base tables and views when it should have. View privileges are 
        checked elsewhere.
                
      - Privileges for TEMPTABLE views should not be checked in check_grant().

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/48580

2666 Martin Hansson	2008-06-26
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                
      - In many place a view was confused with an anonymous derived table, 
        i.e. access checking was skipped. Fixed by introducing a predicate 
        to tell the difference between named and anonymous derived tables.
                
      - When inserting fields for "SELECT * ", there was no distinction made
        between base tables and views when it should have. View privileges are 
        checked elsewhere.
                
      - Privileges for TEMPTABLE views should not be checked in check_grant().

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/48603

2666 Martin Hansson	2008-06-27
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                
      - In many place a view was confused with an anonymous derived table, 
        i.e. access checking was skipped. Fixed by introducing a predicate 
        to tell the difference between named and anonymous derived tables.
                
      - When inserting fields for "SELECT * ", there was no distinction made
        between base tables and views when it should have. View privileges are 
        checked elsewhere.
                
      - Privileges for TEMPTABLE views should not be checked in check_grant().

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/48606

2666 Martin Hansson	2008-06-27
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                
      - In many place a view was confused with an anonymous derived table, 
        i.e. access checking was skipped. Fixed by introducing a predicate 
        to tell the difference between named and anonymous derived tables.
                
      - When inserting fields for "SELECT * ", there was no distinction made
        between base tables and views when it should have. View privileges are 
        checked elsewhere.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53063

2677 Martin Hansson	2008-09-02
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                            
      - In many places a view was confused with an anonymous derived
        table, i.e. access checking was skipped. Fixed by introducing a
        predicate to tell the difference between named and anonymous
        derived tables.
                            
      - When inserting fields for "SELECT * ", there was no 
        distinction between base tables and views, where one should be
        made. View privileges are checked elsewhere.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53154

2677 Martin Hansson	2008-09-03
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                            
      - In many places a view was confused with an anonymous derived
        table, i.e. access checking was skipped. Fixed by introducing a
        predicate to tell the difference between named and anonymous
        derived tables.
                            
      - When inserting fields for "SELECT * ", there was no 
        distinction between base tables and views, where one should be
        made. View privileges are checked elsewhere.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53161

2677 Martin Hansson	2008-09-03
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                            
      - In many places a view was confused with an anonymous derived
        table, i.e. access checking was skipped. Fixed by introducing a
        predicate to tell the difference between named and anonymous
        derived tables.
                            
      - When inserting fields for "SELECT * ", there was no 
        distinction between base tables and views, where one should be
        made. View privileges are checked elsewhere.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53168

2677 Martin Hansson	2008-09-03
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                            
      - In many places a view was confused with an anonymous derived
        table, i.e. access checking was skipped. Fixed by introducing a
        predicate to tell the difference between named and anonymous
        derived tables.
                            
      - When inserting fields for "SELECT * ", there was no 
        distinction between base tables and views, where one should be
        made. View privileges are checked elsewhere.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53180

2677 Martin Hansson	2008-09-03
      Bug#36086: SELECT * from views don't check column grants
      This patch also fixes bugs 36963 and 35600.
                            
      - In many places a view was confused with an anonymous derived
        table, i.e. access checking was skipped. Fixed by introducing a
        predicate to tell the difference between named and anonymous
        derived tables.
                            
      - When inserting fields for "SELECT * ", there was no 
        distinction between base tables and views, where one should be
        made. View privileges are checked elsewhere.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53487

2687 Martin Hansson	2008-09-08 [merge]
      Bug#36086: Manual merge.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53497

2683 Martin Hansson	2008-09-08 [merge]
      Bug#36086: Auto merge.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53498

2683 Martin Hansson	2008-09-08 [merge]
      Bug#36086: Auto merge.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53500

2689 Martin Hansson	2008-09-08 [merge]
      Bug#36086: Auto merge.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53504

2689 Martin Hansson	2008-09-08 [merge]
      Bug#36086: Auto merge.

Pushed into 5.1.29  (revid:mhansson@mysql.com-20080908100442-odnl54ti4r8p6im2) (version source revid:kgeorge@mysql.com-20080910094421-1i1kxv3n1bxskiqa) (pib:3)

Noted in 5.1.29 changelog.

In some cases, references to views were confused with references to
anonymous tables and privilege-checking was not performed.

Setting report to NDI pending push into 6.0.x.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/54543

2698 He Zhenxing	2008-09-26 [merge]
      Merge 5.1 main -> 5.1-rpl

Pushed into 5.1.29  (revid:mhansson@mysql.com-20080908100442-odnl54ti4r8p6im2) (version source revid:kgeorge@mysql.com-20080910094421-1i1kxv3n1bxskiqa) (pib:4)

Setting report to NDI pending push into 6.0.x.

Pushed into 6.0.8-alpha  (revid:mhansson@mysql.com-20080908100442-odnl54ti4r8p6im2) (version source revid:kpettersson@mysql.com-20080911114255-81pt7q1uvl1fkojq) (pib:5)

Noted in 6.0.8 changelog.

Pushed into 5.1.29-ndb-6.2.17  (revid:mhansson@mysql.com-20080908100442-odnl54ti4r8p6im2) (version source revid:tomas.ulin@sun.com-20081028140209-u4emkk1xphi5tkfb) (pib:5)

Pushed into 5.1.29-ndb-6.3.19  (revid:mhansson@mysql.com-20080908100442-odnl54ti4r8p6im2) (version source revid:tomas.ulin@sun.com-20081028194045-0353yg8cvd2c7dd1) (pib:5)

Pushed into 5.1.29-ndb-6.4.0  (revid:mhansson@mysql.com-20080908100442-odnl54ti4r8p6im2) (version source revid:jonas@mysql.com-20081101082305-qx5a1bj0z7i8ueys) (pib:5)