Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privilege check is skipped for PREPARE statement #35784

Closed
djshow832 opened this issue Jun 28, 2022 · 0 comments · Fixed by #36933
Closed

Privilege check is skipped for PREPARE statement #35784

djshow832 opened this issue Jun 28, 2022 · 0 comments · Fixed by #36933
Assignees
@lcwangchao
Labels
component/privilege severity/moderate sig/sql-infra SIG: SQL Infra type/bug This issue is a bug.

Comments

@djshow832
Copy link
Contributor

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

The root creates a user with no privileges:

mysql> CREATE USER 'u1'@'localhost';
Query OK, 0 rows affected (0.02 sec)

mysql> create table test.t1(id int);
Query OK, 0 rows affected (0.01 sec)

Login with u1:

mysql -h127.1 -uu1 -P7000
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| INFORMATION_SCHEMA |
+--------------------+
1 row in set (0.01 sec)

mysql> prepare stmt from 'select * from test.t1';
Query OK, 0 rows affected (0.00 sec)

mysql> prepare stmt from 'select * from test.t1 where id=1';
Query OK, 0 rows affected (0.00 sec)

mysql> prepare stmt from 'select * from test.t1 where x=1';
ERROR 1054 (42S22): Unknown column 'x' in 'where clause'

2. What did you expect to see? (Required)

mysql> prepare stmt from 'select * from test.t1';
ERROR 1142 (42000): SELECT command denied to user 'u1'@'localhost' for table 't1'

3. What did you see instead (Required)

mysql> prepare stmt from 'select * from test.t1';
Query OK, 0 rows affected (0.00 sec)

mysql> prepare stmt from 'select * from test.t1 where id=1';
Query OK, 0 rows affected (0.00 sec)

mysql> prepare stmt from 'select * from test.t1 where x=1';
ERROR 1054 (42S22): Unknown column 'x' in 'where clause'

Although u1 cannot see the data, he can inspect the table definition through the PREPARE statement. E.g. he knows that the table test.t1 exists, and test.t1 has column id but no x.

4. What is your TiDB version? (Required)

master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lcwangchao lcwangchao

Labels
component/privilege severity/moderate sig/sql-infra SIG: SQL Infra type/bug This issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

executor: add privilege check for prepare stmt lcwangchao/tidb
2 participants
@lcwangchao @djshow832