From f0171a924a2595e6cb2e49525b854bf638c79e44 Mon Sep 17 00:00:00 2001 From: unknown <Sinisa@sinisa.nasamreza.org> Date: Thu, 8 Aug 2002 23:18:33 +0300 Subject: [PATCH] A very small security fix --- Docs/manual.texi | 3 +++ sql/sql_acl.cc | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Docs/manual.texi b/Docs/manual.texi index ae0a675a73b..8c4298fdd51 100644 --- a/Docs/manual.texi +++ b/Docs/manual.texi @@ -50222,6 +50222,9 @@ each individual 4.0.x release. @itemize @bullet @item +Fixed small security bug when old user table is used with 4.0.3 or higher +and user had no global access +@item Fixed security bug in database hash @item Fixed create table from any ITEM_FUNC and reverted a patch for month() diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index aad37477a70..7626fb85879 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -297,7 +297,8 @@ int acl_init(bool dont_read_acl_tables) user.access|=REFERENCES_ACL | INDEX_ACL | ALTER_ACL; } /* Convert old privileges */ - user.access|= LOCK_TABLES_ACL | CREATE_TMP_ACL | SHOW_DB_ACL; + if (user.access) + user.access|= LOCK_TABLES_ACL | CREATE_TMP_ACL | SHOW_DB_ACL; if (user.access & FILE_ACL) user.access|= REPL_CLIENT_ACL | REPL_SLAVE_ACL; if (user.access & PROCESS_ACL) -- 2.30.9