Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
12.1.1
-
Ubuntu 20.04 LTS, MD EPYC 7742, 128 Cores, 2.25 GHz
-
Unexpected results
-
Q1/2026 Server Maintenance
Description
How to repeat:
-- Login as ROOT user
|
CREATE USER regular; |
GRANT INSERT ON *.* TO regular; |
|
|
CREATE DATABASE test; |
DROP TABLE IF EXISTS test.t_trigger_test; |
CREATE TABLE test.t_trigger_test ( |
id INT AUTO_INCREMENT PRIMARY KEY, |
name VARCHAR(50), |
note VARCHAR(100) |
);
|
-- Create trigger (ROOT user)
|
DELIMITER //
|
CREATE TRIGGER test.trg_before_insert |
BEFORE INSERT ON test.t_trigger_test |
FOR EACH ROW |
BEGIN
|
SET NEW.name = CONCAT('BEFORE_', NEW.name); |
END // |
DELIMITER ;
|
|
|
-- Login as regular user
|
-- INSERT command (regular user)
|
INSERT INTO test.t_trigger_test (name) VALUES ('Alice') RETURNING *; |
-- ERROR 1143 (42000): SELECT command denied to user 'regular'@'localhost' for column 'id' in table 't_trigger_test' (correct behavior)
|
INSERT INTO test.t_trigger_test (name) VALUES ('Alice') RETURNING id, name, note; |
-- Expected behavior: SELECT command denied
|
-- Actual:
|
/*
|
1. Returns the auto-increment id, which was not included in the INSERT statement.
|
2. Returns 'BEFORE_Alice', the name rewritten by the trigger.
|
3. Since 'regular' only has INSERT permission, it should not have access to this data.
|
+----+--------------+------+
|
| id | name | note |
|
+----+--------------+------+
|
| 1 | BEFORE_Alice | NULL |
|
+----+--------------+------+
|
*/ |
In this example, "RETURNING *" blocks the unprivileged columns. However, "RETURNING id" shows the unprivileged column "id", which exposes the size of the table. And "RETURNING name" shows the content rewritten by the trigger.
Attachments
Issue Links
- causes
-
-
- Closed
-