Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25141

JSON_TABLE: SELECT into outfile bypasses file privilege check

    XMLWordPrintable

    Details

      Description

      SELECT from JSON_TABLE into an outfile doesn't check for FILE privilege.

      bb-10.6-mdev17399-psergey2 8b533cc1d5

      +-----------------------------------------+
      | Grants for foo@localhost                |
      +-----------------------------------------+
      | GRANT USAGE ON *.* TO `foo`@`localhost` |
      +-----------------------------------------+
      1 row in set (0.000 sec)
       
      MariaDB [test]> select 1 into outfile 'f';
      ERROR 1045 (28000): Access denied for user 'foo'@'localhost' (using password: NO)
       
      MariaDB [test]> select * into outfile 'f' from json_table('[]', '$' columns(x for ordinality)) q;
      Query OK, 1 row affected (0.001 sec)
      

      MTR version

      create user foo@localhost;
      --connect (con1,localhost,foo,,)
      --error ER_ACCESS_DENIED_ERROR,ER_SPECIFIC_ACCESS_DENIED_ERROR
      select 1 into outfile 'f';
      --error ER_ACCESS_DENIED_ERROR,ER_SPECIFIC_ACCESS_DENIED_ERROR
      select * from json_table('[]', '$' columns(x for ordinality)) q into outfile 'f';
       
      # Cleanup
      --disconnect con1
      --connection default
      DROP USER foo@localhost;
      

      Works as expected in MySQL (SELECT is prohibited).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              holyfoot Alexey Botchkov
              Reporter:
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: