Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

privilege: add privilege check for show stats (#19702) #19760

Merged
merged 6 commits into from
Sep 7, 2020
Merged

privilege: add privilege check for show stats (#19702) #19760

merged 6 commits into from
Sep 7, 2020

Conversation

ti-srebot
Copy link
Contributor

cherry-pick #19702 to release-4.0

What problem does this PR solve?

Issue Number: close #17782

Problem Summary:
Command like SHOW STATS_META and SHOW STATS_BUCKETS didn't check privilege before. This will lead to table information leak, any user could see some table information by using SHOW STATS.

What is changed and how it works?

What's Changed:
Add privilege check for SHOW STATS related command.

How it Works:
Only user with SELECT privilege on mysql database could execute SHOW STATS

Related changes

  • Need to cherry-pick to the release branch

Check List

Tests

  • Unit test

Side effects

  • Breaking backward compatibility

Release note

  • Add privilege check for SHOW STATS_META, SHOW STATS_BUCKET.

@ti-srebot
Copy link
Contributor Author

/run-all-tests

@ti-srebot ti-srebot mentioned this pull request Sep 3, 2020
Merged
@ti-srebot ti-srebot added this to the v4.0.6 milestone Sep 3, 2020
@ti-srebot
Copy link
Contributor Author

@imtbkcat please accept the invitation then you can push to the cherry-pick pull requests.
https://github.com/ti-srebot/tidb/invitations

@tiancaiamao
Copy link
Contributor

Please address conflict @imtbkcat

Lingyu Song added 2 commits September 7, 2020 10:55
cherry pick pingcap#19702 to release-4.0
dec5b93 
Signed-off-by: ti-srebot <ti-srebot@pingcap.com>
fix conflict
ca720fc
zz-jason
zz-jason approved these changes Sep 7, 2020
View reviewed changes
Copy link
Member

@zz-jason zz-jason left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-srebot ti-srebot added the status/LGT1 Indicates that a PR has LGTM 1. label Sep 7, 2020
@zz-jason
Copy link
Member

zz-jason commented Sep 7, 2020

/merge

@ti-srebot
Copy link
Contributor Author

Your auto merge job has been accepted, waiting for:

  • 19720

@ti-srebot ti-srebot added the status/can-merge Indicates a PR has been approved by a committer. label Sep 7, 2020
@ti-srebot
Copy link
Contributor Author

/run-all-tests

@ti-srebot
Copy link
Contributor Author

@ti-srebot merge failed.

@imtbkcat
Copy link

imtbkcat commented Sep 7, 2020

/merge

@ti-srebot
Copy link
Contributor Author

Sorry @imtbkcat, you don't have permission to trigger auto merge event on this branch.

@tiancaiamao
Copy link
Contributor

LGTM

@ti-srebot ti-srebot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Sep 7, 2020
@zz-jason zz-jason merged commit 879335a into pingcap:release-4.0 Sep 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zz-jason zz-jason zz-jason approved these changes

@tiancaiamao tiancaiamao tiancaiamao approved these changes

@lysu lysu Awaiting requested review from lysu

@SunRunAway SunRunAway Awaiting requested review from SunRunAway

Assignees

@imtbkcat imtbkcat

Labels
component/privilege sig/execution SIG execution status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2. type/bugfix This PR fixes a bug. type/4.0-cherry-pick
Projects
None yet
Milestone
v4.0.6
Development

Successfully merging this pull request may close these issues.
4 participants
@ti-srebot @tiancaiamao @zz-jason @imtbkcat