  1. MariaDB Server
  2. MDEV-22378

load_data() always takes invoker FILE privileges in view


    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.5, 10.1, 10.2, 10.3, 10.4, 10.5
    • Fix Version/s: 10.1, 10.2, 10.3, 10.4, 10.5
    • Component/s: Views
    • Labels:
      None

      Description

      # Reproduction script (mysqltest format) for the FILE privilege check on
      # load_file() when it is used with SQL SECURITY DEFINER views.
      # The account test@localhost is created below with only SELECT on test.*;
      # no FILE grant appears anywhere in this script.
      create table t1 (a int);
      insert into t1 values (1);
       
      # Write the single row of t1 to a server-side file that load_file() reads back.
      eval select * into outfile "../../tmp/outfile-test.1" from t1;
       
      # Baseline on the default connection (presumably root under mysqltest - confirm):
      # the result listing on this page shows the file content "1".
      SELECT load_file("../../tmp/outfile-test.1") as file from t1;
       
      create user test@localhost;
      grant select on test.* to test@localhost;
       
      # Case 1: the view is owned by test, but load_file() sits in the outer query,
      # so it is the invoker (default connection) who calls it. Result shown: 1.
      create definer=test@localhost sql security definer view v1 as select * from t1;
       
      SELECT load_file("../../tmp/outfile-test.1") as file from v1;
       
      drop view v1;
       
      # Case 2 (the reported defect): load_file() is now inside the view body, and the
      # definer test@localhost has no FILE grant. With SQL SECURITY DEFINER the
      # reporter expects an error here, but the result listing shows the file content,
      # i.e. the check used the invoker's FILE privilege instead of the definer's.
      create definer=test@localhost sql security definer view v1 as select load_file("../../tmp/outfile-test.1") as file from t1;
       
      --echo # should be an error, but no
      SELECT  * from v1;
       
      drop view v1;
      # Case 3: the view is owned by root and the unprivileged user test calls
      # load_file() in the outer query over con1. Result shown: NULL.
      create definer=root@localhost sql security definer view v1 as select * from t1;
       
      connect (con1,localhost,test,,);
       
      SELECT load_file("../../tmp/outfile-test.1") as file from v1;
       
      connection default;
       
      drop view v1;
      # Case 4: load_file() is inside a view owned by root and the view is queried by
      # test. Result shown: NULL, which matches the issue title (the invoker's FILE
      # privilege is what gets checked); the report does not mark this case explicitly.
      create definer=root@localhost sql security definer view v1 as select load_file("../../tmp/outfile-test.1") as file from t1;
       
      connection con1;
       
      SELECT  * from v1;
       
      connection default;
      disconnect con1;
       
      # Cleanup of the objects and the account created above.
      drop view v1;
      drop table t1;
      drop user test@localhost;
      

      result:

      create table t1 (a int);
      insert into t1 values (1);
      select * into outfile "../../tmp/outfile-test.1" from t1;
      SELECT load_file("../../tmp/outfile-test.1") as file from t1;
      file
      1
       
      create user test@localhost;
      grant select on test.* to test@localhost;
      create definer=test@localhost sql security definer view v1 as select * from t1;
      SELECT load_file("../../tmp/outfile-test.1") as file from v1;
      file
      1
       
      drop view v1;
      create definer=test@localhost sql security definer view v1 as select load_file("../../tmp/outfile-test.1") as file from t1;
      # should be an error, but no
      SELECT  * from v1;
      file
      1
       
      drop view v1;
      create definer=root@localhost sql security definer view v1 as select * from t1;
      SELECT load_file("../../tmp/outfile-test.1") as file from v1;
      file
      NULL
      drop view v1;
      create definer=root@localhost sql security definer view v1 as select load_file("../../tmp/outfile-test.1") as file from t1;
      SELECT  * from v1;
      file
      NULL
      drop view v1;
      drop table t1;
      drop user test@localhost;
      

      For the EXEC (EXECUTE) privilege everything is correct:

      # Comparison script (mysqltest format): the same view layouts as the load_file()
      # case, but calling a stored function, where the privilege check follows the
      # SQL SECURITY DEFINER setting. A "--error NAME" line declares that the next
      # statement is expected to fail with that error.
      create table t1 (a int);
      insert into t1 values (1);
       
      create function one1() returns int return 1;
       
       
      # Baseline call on the default connection.
      SELECT one1() as func from t1;
       
      # test@localhost gets only SELECT on test.*; no EXECUTE grant appears in this script.
      create user test@localhost;
      grant select on test.* to test@localhost;
       
      # The function is called in the outer query by the invoker (default connection),
      # not inside the view owned by test; no error is declared for this statement.
      create definer=test@localhost sql security definer view v1 as select * from t1;
       
      SELECT one1() as func from v1;
       
      drop view v1;
       
      # Same view body under two definers: v1 is owned by test, v2 by root.
      create definer=test@localhost sql security definer view v1 as select one1() as func from t1;
      create definer=root@localhost sql security definer view v2 as select one1() as func from t1;
       
      # v2 (definer root) is expected to work; v1 (definer test) is expected to be
      # rejected as an invalid view, i.e. the definer's rights are what is checked.
      SELECT * from v2;
      --error ER_VIEW_INVALID
      SELECT * from v1;
       
      drop view v1;
      create definer=root@localhost sql security definer view v1 as select * from t1;
       
      connect (con1,localhost,test,,);
       
      # As user test, calling the function in the outer query is expected to be denied.
      --error ER_PROCACCESS_DENIED_ERROR
      SELECT one1() as func from v1;
       
      connection default;
       
      drop view v1,v2;
      create definer=test@localhost sql security definer view v1 as select one1() as func from t1;
       
      create definer=root@localhost sql security definer view v2 as select one1() as func from t1;
       
      connection con1;
       
      # Queried by test: v1 (definer test) is still expected to fail, while v2
      # (definer root) has no error declared, so the outcome depends on the definer
      # and not on the invoker.
      --error ER_VIEW_INVALID
      SELECT  * from v1;
      SELECT  * from v2;
       
      connection default;
      disconnect con1;
       
      # Cleanup of the objects and the account created above.
      drop view v1,v2;
      drop table t1;
      drop function one1;
      drop user test@localhost;
      

              People

              Assignee:
              sanja Oleksandr Byelkin
              Reporter:
              sanja Oleksandr Byelkin