[MDEV-5553] A view or procedure with a non existing definer can block "SHOW TABLE STATUS" with an unclear error message - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.34
Fix Version/s: 5.5.40
Component/s: Views
Labels:
None

Description

Creating a view with a definer that does not exists can block a SHOW TABLE STATUS for the whole database if a GROUP BY is used on the view :

MariaDB [test2]> CREATE TABLE `testtable` (

    ->   `id` int(11) NOT NULL AUTO_INCREMENT,

    ->   PRIMARY KEY (`id`)

    -> );

Query OK, 0 rows affected (0.01 sec)

MariaDB [test2]> SHOW TABLE STATUS;

+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-------------------+----------+----------------+---------+

| Name      | Engine | Version | Row_format | Rows | Avg_row_length | Data_length | Max_data_length | Index_length | Data_free | Auto_increment | Create_time         | Update_time | Check_time | Collation         | Checksum | Create_options | Comment |

+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-------------------+----------+----------------+---------+

| testtable | InnoDB |      10 | Compact    |    0 |              0 |       16384 |               0 |            0 |         0 |              1 | 2014-01-22 19:29:18 | NULL        | NULL       | latin1_swedish_ci |     NULL |                |         |

+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-------------------+----------+----------------+---------+

1 row in set (0.00 sec)

MariaDB [test2]> CREATE DEFINER=`unknownuser`@`%` SQL SECURITY DEFINER VIEW `testview` AS SELECT testtable.id FROM testtable GROUP BY testtable.id;

Query OK, 0 rows affected, 1 warning (0.00 sec)

MariaDB [test2]> SHOW WARNINGS;

+-------+------+--------------------------------------------------------------------+

| Level | Code | Message                                                            |

+-------+------+--------------------------------------------------------------------+

| Note  | 1449 | The user specified as a definer ('unknownuser'@'%') does not exist |

+-------+------+--------------------------------------------------------------------+

1 row in set (0.00 sec)

MariaDB [test2]> SHOW TABLE STATUS;

ERROR 1143 (42000): SELECT command denied to user ''@'%' for column 'id' in table 'testtable'

MariaDB [test2]> SHOW WARNINGS;

+-------+------+---------------------------------------------------------------------------+

| Level | Code | Message                                                                   |

+-------+------+---------------------------------------------------------------------------+

| Error | 1143 | SELECT command denied to user ''@'%' for column 'id' in table 'testtable' |

| Note  | 1449 | The user specified as a definer ('unknownuser'@'%') does not exist        |

+-------+------+---------------------------------------------------------------------------+

2 rows in set (0.00 sec)

MariaDB [test2]> SELECT USER();

+----------------+

| USER()         |

+----------------+

| root@localhost |

+----------------+

1 row in set (0.00 sec)

The error message when the "SHOW TABLE STATUS" is issued is not clear, it should ideally reference to the incorrectly defined view and to the non-existing definer.

ps: the same happens with ROUTINES/PROCEDURES.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

mdev-5553.diff
3 kB
2014-10-05 11:58

Activity

Ascending order - Click to sort in descending order

Jean Weisbuch created issue - 2014-01-22 20:45

Sergei Golubchik made changes - 2014-01-28 18:29

Field	Original Value	New Value
Priority	Trivial [ 5 ]	Major [ 3 ]

Sergei Golubchik made changes - 2014-01-28 18:29

Fix Version/s

5.5.36 [ 14600 ]

Sergei Golubchik made changes - 2014-02-18 19:15

Priority

Major [ 3 ]

Minor [ 4 ]

Sergei Golubchik made changes - 2014-02-24 21:51

Fix Version/s		5.5.37 [ 15000 ]
Fix Version/s	5.5.36 [ 14600 ]

Sergei Golubchik made changes - 2014-04-15 23:53

Fix Version/s		5.5.38 [ 15400 ]
Fix Version/s	5.5.37 [ 15000 ]

Sergei Golubchik made changes - 2014-06-06 10:26

Fix Version/s		5.5.39 [ 15800 ]
Fix Version/s	5.5.38 [ 15400 ]

Sergei Golubchik made changes - 2014-06-13 15:06

Workflow

defaullt [ 33714 ]

MariaDB v2 [ 44611 ]

Jean Weisbuch made changes - 2014-08-01 16:50

Summary

A view with a non existing definer can block "SHOW TABLE STATUS" with an unclear error message

A view or procedure with a non existing definer can block "SHOW TABLE STATUS" with an unclear error message

Jean Weisbuch made changes - 2014-08-01 16:55

Description

Creating a view with a definer that does not exists can block a SHOW TABLE STATUS for the whole database if a GROUP BY is used on the view :
{noformat}MariaDB [test2]> CREATE TABLE `testtable` (
    -> `id` int(11) NOT NULL AUTO_INCREMENT,
    -> PRIMARY KEY (`id`)
    -> );
Query OK, 0 rows affected (0.01 sec)

MariaDB [test2]> SHOW TABLE STATUS;
+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-------------------+----------+----------------+---------+
| Name | Engine | Version | Row_format | Rows | Avg_row_length | Data_length | Max_data_length | Index_length | Data_free | Auto_increment | Create_time | Update_time | Check_time | Collation | Checksum | Create_options | Comment |
+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-------------------+----------+----------------+---------+
| testtable | InnoDB | 10 | Compact | 0 | 0 | 16384 | 0 | 0 | 0 | 1 | 2014-01-22 19:29:18 | NULL | NULL | latin1_swedish_ci | NULL | | |
+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+-------------+------------+-------------------+----------+----------------+---------+
1 row in set (0.00 sec)

MariaDB [test2]> CREATE DEFINER=`unknownuser`@`%` SQL SECURITY DEFINER VIEW `testview` AS SELECT testtable.id FROM testtable GROUP BY testtable.id;
Query OK, 0 rows affected, 1 warning (0.00 sec)

MariaDB [test2]> SHOW WARNINGS;
+-------+------+--------------------------------------------------------------------+
| Level | Code | Message |
+-------+------+--------------------------------------------------------------------+
| Note | 1449 | The user specified as a definer ('unknownuser'@'%') does not exist |
+-------+------+--------------------------------------------------------------------+
1 row in set (0.00 sec)

MariaDB [test2]> SHOW TABLE STATUS;
ERROR 1143 (42000): SELECT command denied to user ''@'%' for column 'id' in table 'testtable'
MariaDB [test2]> SHOW WARNINGS;
+-------+------+---------------------------------------------------------------------------+
| Level | Code | Message |
+-------+------+---------------------------------------------------------------------------+
| Error | 1143 | SELECT command denied to user ''@'%' for column 'id' in table 'testtable' |
| Note | 1449 | The user specified as a definer ('unknownuser'@'%') does not exist |
+-------+------+---------------------------------------------------------------------------+
2 rows in set (0.00 sec)

MariaDB [test2]> SELECT USER();
+----------------+
| USER() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec){noformat}

The error message when the "SHOW TABLE STATUS" is issued is not clear, it should ideally reference to the incorrectly defined view and to the non-existing definer.

Jean Weisbuch made changes - 2014-08-01 16:55

Priority

Minor [ 4 ]

Major [ 3 ]

Sergei Golubchik made changes - 2014-10-05 11:58

Attachment

mdev-5553.diff [ 34600 ]

Sergei Golubchik made changes - 2014-10-05 11:58

Assignee

Sergei Golubchik [ serg ]

Sergei Golubchik made changes - 2014-10-05 11:58

Status

Open [ 1 ]

In Progress [ 3 ]

Sergei Golubchik made changes - 2014-10-05 11:59

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Sergei Golubchik made changes - 2014-10-05 11:59

Assignee	Sergei Golubchik [ serg ]	Sergei Petrunia [ psergey ]
Status	Stalled [ 10000 ]	In Review [ 10002 ]

Sergei Petrunia added a comment - 2014-10-07 13:00

I don't have any meaningful objections to the patch.

Sergei Petrunia added a comment - 2014-10-07 13:00 I don't have any meaningful objections to the patch.

Sergei Petrunia made changes - 2014-10-07 13:01

Status

In Review [ 10002 ]

Stalled [ 10000 ]

Sergei Golubchik made changes - 2014-10-07 13:28

Component/s		Views [ 10111 ]
Fix Version/s		5.5.40 [ 17100 ]
Fix Version/s	5.5 [ 15800 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Rasmus Johansson (Inactive) made changes - 2015-05-18 17:51

Workflow

MariaDB v2 [ 44611 ]

MariaDB v3 [ 64805 ]

Sergei Golubchik made changes - 2021-12-06 21:39

Workflow

MariaDB v3 [ 64805 ]

MariaDB v4 [ 147426 ]

People

Assignee:: Sergei Petrunia

Reporter:: Jean Weisbuch

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2014-01-22 20:45

Updated:: 2014-10-07 13:28

Resolved:: 2014-10-07 13:28

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Attachments

Activity

People

Dates

Git Integration