MonetDB: Mar2018 - fix for bug 6628 (users are allowed to access...

Niels Nes Fri, 27 Jul 2018 01:20:02 -0700

Changeset: c65a60e3b9cb for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=c65a60e3b9cb
Modified Files:
        sql/server/sql_privileges.c
Branch: Mar2018
Log Message:


fix for bug 6628 (users are allowed to access there temporary tables)


diffs (12 lines):

diff --git a/sql/server/sql_privileges.c b/sql/server/sql_privileges.c
--- a/sql/server/sql_privileges.c
+++ b/sql/server/sql_privileges.c
@@ -446,7 +446,7 @@ int
 table_privs(mvc *m, sql_table *t, int priv)
 {
        /* temporary tables are owned by the session user */
-       if (t->persistence == SQL_DECLARED_TABLE || (priv == PRIV_SELECT && 
(t->persistence != SQL_PERSIST || t->commit_action)))
+       if (t->persistence == SQL_DECLARED_TABLE || (!t->system && 
t->persistence != SQL_PERSIST) || (priv == PRIV_SELECT && (t->persistence != 
SQL_PERSIST || t->commit_action)))
                return 1;
        if (admin_privs(m->user_id) || admin_privs(m->role_id) || (t->s && 
(m->user_id == t->s->auth_id || m->role_id == t->s->auth_id)) || 
sql_privilege(m, m->user_id, t->base.id, priv, 0) == priv || sql_privilege(m, 
m->role_id, t->base.id, priv, 0) == priv || sql_privilege(m, ROLE_PUBLIC, 
t->base.id, priv, 0) == priv) {
                return 1;
_______________________________________________
checkin-list mailing list
checkin-list@monetdb.org
https://www.monetdb.org/mailman/listinfo/checkin-list

MonetDB: Mar2018 - fix for bug 6628 (users are allowed to access...

Reply via email to